CVE-2024-1442

Published: Mar 7, 2024
Updated: May 4, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-1442" target="_blank" rel="noopener"> CVE-2024-1442
GHSA: <a href="https://github.com/advisories/GHSA-5mxf-42f5-j782" target="_blank" rel="noopener"> GHSA-5mxf-42f5-j782
Severity: High
Exploit:

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.

CVSS v3:

CWEs: