Home
MEDIUM: 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:NDefault status
unaffected
9.2.0 (semver)
affected
11.6.14 (custom) before 11.6.14+security-04
affected
12.0.0 (semver)
affected
12.2.8 (custom) before 12.2.8+security-04
affected
12.3.0 (semver)
affected
12.3.6 (custom) before 12.3.6+security-04
affected
12.4.0 (semver)
affected
12.4.3 (custom) before 12.4.3+security-02
affected
13.0.0 (semver)
affected
13.0.1 (custom) before 13.0.1+security-01
affected
Description
When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this.
Product status
9.2.0 (semver)
11.6.14 (custom) before 11.6.14+security-04
12.0.0 (semver)
12.2.8 (custom) before 12.2.8+security-04
12.3.0 (semver)
12.3.6 (custom) before 12.3.6+security-04
12.4.0 (semver)
12.4.3 (custom) before 12.4.3+security-02
13.0.0 (semver)
13.0.1 (custom) before 13.0.1+security-01
References
grafana.com/security/security-advisories/cve-2026-33381