Site icon API Security Blog

Access Control Bypass

github.com/grafana/grafana is vulnerable to Access Control Bypass. The vulnerability exists due to a lack of write authorization checks in `authorization.go`, which allows an attacker with the viewer role and send a test alert using the api, as well as block SMTP servers.Read More

Exit mobile version