Grafana -- Incorrect Access Control

Affected packages
8.0.0 <= grafana < 8.2.4
8.0.0 <= grafana8 < 8.2.4


VuXML ID: 99bff2bd-4852-11ec-a828-6c3be5272acd
Discovery: 2021-11-02
Entry: 2021-12-11

Grafana Labs reports:

When the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin.


CVE Name: CVE-2021-41244