Grafana warns of max severity admin spoofing vulnerability (www.bleepingcomputer.com)

Posted by Kid@sh.itjust.works to Cybersecurity@sh.itjust.works · English · 5 days ago

pageflight@piefed.social · English · 5 days ago

To save a click:

in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. The issue is only exploitable when SCIM (System for Cross-domain Identity Management) provisioning is enabled and configured.

So self-hosted Grafana / locally managed users is unaffected.