Home
HIGH: 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:NDefault status
unaffected
8.5.0 (semver)
affected
11.6.14 (custom) before 11.6.14+security-04
affected
12.0.0 (semver)
affected
12.2.8 (custom) before 12.2.8+security-04
affected
12.3.0 (semver)
affected
12.3.6 (custom) before 12.3.6+security-04
affected
12.4.0 (semver)
affected
12.4.3 (custom) before 12.4.3+security-02
affected
13.0.0 (semver)
affected
13.0.1 (custom) before 13.0.1+security-01
affected
Description
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege.
Product status
8.5.0 (semver)
11.6.14 (custom) before 11.6.14+security-04
12.0.0 (semver)
12.2.8 (custom) before 12.2.8+security-04
12.3.0 (semver)
12.3.6 (custom) before 12.3.6+security-04
12.4.0 (semver)
12.4.3 (custom) before 12.4.3+security-02
13.0.0 (semver)
13.0.1 (custom) before 13.0.1+security-01
References
grafana.com/security/security-advisories/cve-2026-33377