#cve_2024_1313 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cve_2024_1313, aggregated by home.social.
Unit 42 discusses security concerns stemming from the dashboard snapshot APIs of Grafana, an open-source data visualization and monitoring tool. One vulnerability, a Broken Object-Level Authorization (BOLA), was assigned CVE ID CVE-2024-1313 (6.5 medium, disclosed 26 March 2024). The other, an endpoint that allows any Grafana user to create snapshot images and does not enforce complexity checks on the self-assigned secret keys, was not considered a vulnerability by Grafana. Unit 42 warns that successful exploitation could allow for denial-of-service (DoS) attacks or brute-forcing of the weak secrets to view or delete snapshots belonging to other users. 🔗 https://unit42.paloaltonetworks.com/new-bola-vulnerability-grafana/