Advisory Database
  • Advisories
  • Dependency Scanning
  1. golang
  2. ›
  3. github.com/grafana/grafana
  4. ›
  5. GHSA-wm7r-3qxj-5xgq

GHSA-wm7r-3qxj-5xgq: Duplicate Advisory: Grafana Improper Access Control vulnerability

June 6, 2023 (updated February 13, 2025)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-cvm3-pp2j-chr3. This link is maintained to preserve external references.

Original Description

Grafana is an open-source platform for monitoring and observability.

The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function.

This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server.

Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.

References

  • github.com/advisories/GHSA-wm7r-3qxj-5xgq
  • github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3
  • github.com/grafana/grafana
  • grafana.com/security/security-advisories/cve-2023-2183
  • nvd.nist.gov/vuln/detail/CVE-2023-2183
  • security.netapp.com/advisory/ntap-20230706-0002

Code Behaviors & Features

Detect and mitigate GHSA-wm7r-3qxj-5xgq with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 8.5.26, all versions starting from 9.0.0 before 9.2.19, all versions starting from 9.3.0 before 9.3.15, all versions starting from 9.4.0 before 9.4.12, all versions starting from 9.5.0 before 9.5.3

Fixed versions

  • 8.5.26
  • 9.2.19
  • 9.3.15
  • 9.4.12
  • 9.5.3

Solution

Upgrade to versions 8.5.26, 9.2.19, 9.3.15, 9.4.12, 9.5.3 or above.

Impact 4.1 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Learn more about CVSS

Weakness

  • CWE-284: Improper Access Control
  • CWE-862: Missing Authorization

Source file

go/github.com/grafana/grafana/GHSA-wm7r-3qxj-5xgq.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:15:18 +0000.