{"id":"CVE-2024-1442","details":" A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *.\nDoing this will grant the user access to read, query, edit and delete all data sources within the organization.\n","aliases":["BIT-grafana-2024-1442","GHSA-5mxf-42f5-j782","GO-2024-2629"],"modified":"2026-03-14T14:56:39.005490Z","published":"2024-03-07T18:15:46.590Z","related":["CGA-ph6x-2757-469v"],"references":[{"type":"ADVISORY","url":"https://grafana.com/security/security-advisories/cve-2024-1442/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241122-0007/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/grafana/grafana","events":[{"introduced":"6134e3cf35a99c7dd3041b7ececb47cb7619ba9a"},{"fixed":"d2bfe3cc0bfb304d82548c94b6d4e348ec40005e"},{"introduced":"81d85ce8028dc54188e1f4482837d28f5fc7c797"},{"fixed":"4178363b4924405e546cc0d636029b59a8b8fef2"},{"introduced":"ff85ec33c56ffe567e6bde27473d9493eb70c743"},{"fixed":"8e1826409dffb1b6e9653ff0c0dd5689427ed48a"},{"introduced":"ae830f687450b8a0aca94ab2d72cc08853a80fff"},{"fixed":"ef29c153428e7bd5d53f54d564c5d5a51fd05124"},{"introduced":"e010fbb08cfcd444924bc674035ac6286d8cdb88"},{"fixed":"5bde27379c62c22183dd5e9deb7e66d90fada639"}],"database_specific":{"versions":[{"introduced":"8.5.0"},{"fixed":"9.5.7"},{"introduced":"10.0.0"},{"fixed":"10.0.12"},{"introduced":"10.1.0"},{"fixed":"10.1.8"},{"introduced":"10.2.0"},{"fixed":"10.2.5"},{"introduced":"10.3.0"},{"fixed":"10.3.4"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1442.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}