Privilege Escalation

gafana is vulnerable to privilege escalation. An attacker can take over another user’s account in the grafana instance by supplying a login name through the specified `OAuth IdP` when the attacker’s external user id is linked to a grafana account, and the attacker knows the grafana user name of the target user.Read More