{ "schema_version": "1.3.1", "id": "GO-2024-2629", "modified": "0001-01-01T00:00:00Z", "published": "0001-01-01T00:00:00Z", "aliases": [ "CVE-2024-1442", "GHSA-5mxf-42f5-j782" ], "summary": "Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana", "details": "Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/grafana/grafana from v8.5.0 before v9.5.7, from v10.0.0 before v10.0.12, from v10.1.0 before v10.1.8, from v10.2.0 before v10.2.5, from v10.3.0 before v10.3.4.", "affected": [ { "package": { "name": "github.com/grafana/grafana", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" } ] } ], "ecosystem_specific": { "custom_ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "8.5.0" }, { "fixed": "9.5.7" }, { "introduced": "10.0.0" }, { "fixed": "10.0.12" }, { "introduced": "10.1.0" }, { "fixed": "10.1.8" }, { "introduced": "10.2.0" }, { "fixed": "10.2.5" }, { "introduced": "10.3.0" }, { "fixed": "10.3.4" } ] } ] } } ], "references": [ { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-5mxf-42f5-j782" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1442" }, { "type": "WEB", "url": "https://grafana.com/security/security-advisories/cve-2024-1442" } ], "database_specific": { "url": "https://pkg.go.dev/vuln/GO-2024-2629", "review_status": "UNREVIEWED" } }