Description
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
Remediation
References
Related Vulnerabilities
Django Other Vulnerability (CVE-2015-3982)
WordPress Plugin WPGraphQL Security Bypass (0.2.3)
WordPress Plugin Visual Composer:Page Builder for WordPress Local File Inclusion (5.1)
Claroline Other Vulnerability (CVE-2006-2868)
WordPress Plugin 10Web Map Builder for Google Maps Cross-Site Scripting (1.0.69)