API Security Blog

Authorization Bypass

Grafana is vulnerable to Authorization Bypass Through User-Controlled Key. The vulnerability is due to insufficient validation of organization IDs in DeleteDashboardSnapshot within dashboard_snapshot.go. This allows an attacker to bypass authorization and delete a snapshot by sending a DELETE request to /api/snapshots/ with its view…
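The class of bug described above (CWE-639: an object is looked up by a request-supplied key and never checked against the caller's organization), shown beside an org-scoped version. This is an added Go example, not Grafana's code; the `Snapshot` and `Caller` types, the `CanEdit` flag and both function names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical types for illustration; not Grafana's data model.
type Snapshot struct{ OrgID int64 }
type Caller struct {
	OrgID   int64
	CanEdit bool // assumed permission flag, valid only inside the caller's own org
}

var (
	ErrNotFound  = errors.New("snapshot not found")
	ErrForbidden = errors.New("access denied")
)

// deleteByKeyOnly shows the flawed pattern: the request-supplied key is the
// only thing consulted, so the caller's organization never enters the decision.
func deleteByKeyOnly(store map[string]Snapshot, _ Caller, key string) error {
	if _, ok := store[key]; !ok {
		return ErrNotFound
	}
	delete(store, key)
	return nil
}

// deleteOrgScoped binds the looked-up object to the authenticated caller's
// organization before any permission check or side effect.
func deleteOrgScoped(store map[string]Snapshot, c Caller, key string) error {
	snap, ok := store[key]
	if !ok || snap.OrgID != c.OrgID {
		return ErrNotFound // same answer for "missing" and "other org": no existence oracle
	}
	if !c.CanEdit {
		return ErrForbidden
	}
	delete(store, key)
	return nil
}

func main() {
	store := map[string]Snapshot{"k1": {OrgID: 1}} // constructed sample data
	outsider := Caller{OrgID: 2, CanEdit: true}
	fmt.Println("org-scoped, other org:", deleteOrgScoped(store, outsider, "k1"))
	fmt.Println("key-only, other org:", deleteByKeyOnly(store, outsider, "k1"))
}
```

A regression test for a fix of this kind should cover the cross-organization case explicitly: a caller with full rights in one organization must get a refusal, and the object must still exist afterwards.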
