FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- Teams API IDOR

Affected packages
6.0.0 <= grafana6
grafana7 < 7.5.15
grafana8 < 8.3.5


VuXML ID d71d154a-8b83-11ec-b369-6c3be5272acd
Discovery 2022-01-18
Entry 2022-02-12

Grafana Labs reports:

On Jan. 18, an external security researcher, Kürşad ALSAN from NSPECT.IO (@nspectio on Twitter), contacted Grafana to disclose an IDOR (Insecure Direct Object Reference) vulnerability on Grafana Teams APIs. This vulnerability only impacts the following API endpoints:

We believe that this vulnerability is rated at CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).


CVE Name CVE-2022-21713