Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource.
                
            Metrics
Affected Vendors & Products
References
        History
                    Tue, 03 Sep 2024 17:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Tue, 20 Aug 2024 18:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource. | |
| Weaknesses | CWE-266 | |
| References |  | |
| Metrics | cvssV3_1 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: GRAFANA
Published: 2024-08-20T17:52:06.232Z
Updated: 2024-09-03T17:04:40.540Z
Reserved: 2024-06-25T13:25:06.436Z
Link: CVE-2024-6322
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-09-03T17:04:35.433Z
 NVD
                        NVD
                    Status : Awaiting Analysis
Published: 2024-08-20T18:15:09.900
Modified: 2024-08-21T12:30:33.697
Link: CVE-2024-6322
 Redhat
                        Redhat
                    No data.