Unauthorized access to screen in Grafana
Description
A flaw was found in Grafana. This cross-tenant isolation vulnerability affects legacy correlation records, specifically those created prior to Grafana 10.2. A user with datasource management privileges can exploit a backward compatibility condition, which allows records with an organization ID (org_id) of 0 to be returned across different organizations. This enables the user to read and permanently delete sensitive correlation data belonging to other organizations.
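The condition described above, as an added example that is not Grafana's code: a tenant filter that also accepts `org_id = 0` is shown beside a strictly scoped filter, with an audit query for the legacy rows. The table name, its columns other than `org_id`, the function names and the sample rows are all constructed assumptions.

```python
import sqlite3

# Constructed, simplified stand-in for a correlations table; not Grafana's real schema.
SCHEMA = """
CREATE TABLE correlation (
    uid        TEXT NOT NULL,
    org_id     INTEGER NOT NULL DEFAULT 0,
    source_uid TEXT NOT NULL,
    label      TEXT NOT NULL
);
"""

# Constructed sample rows: org 1 and org 2 each own one modern record;
# two legacy records were stored with org_id = 0.
ROWS = [
    ("c-org1", 1, "ds-a", "org1 logs to traces"),
    ("c-org2", 2, "ds-b", "org2 logs to traces"),
    ("c-legacy-1", 0, "ds-a", "legacy, created by org1"),
    ("c-legacy-2", 0, "ds-b", "legacy, created by org2"),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO correlation VALUES (?, ?, ?, ?)", ROWS)
    return conn

def list_compat(conn, org_id):
    """Backward-compatible filter: also matches org_id = 0 for every caller."""
    q = "SELECT uid FROM correlation WHERE org_id = ? OR org_id = 0 ORDER BY uid"
    return [r[0] for r in conn.execute(q, (org_id,))]

def list_strict(conn, org_id):
    """Tenant-scoped filter: only rows owned by the caller's organization."""
    q = "SELECT uid FROM correlation WHERE org_id = ? ORDER BY uid"
    return [r[0] for r in conn.execute(q, (org_id,))]

def audit_legacy(conn):
    """Rows with no owning organization, for an operator to review."""
    q = "SELECT uid, source_uid FROM correlation WHERE org_id = 0 ORDER BY uid"
    return conn.execute(q).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("compat org 2:", list_compat(db, 2))
    print("strict org 2:", list_strict(db, 2))
    print("legacy rows :", audit_legacy(db))
```
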
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Aliases