vulnerability

Alpine Linux: CVE-2021-28146: Incorrect Authorization

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Mar 22, 2021

Added

Aug 22, 2024

Modified

Mar 25, 2026

Description

The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.

Solution

alpine-linux-upgrade-grafana

References

CVE-2021-28146
https://attackerkb.com/topics/CVE-2021-28146
https://security.alpinelinux.org/vuln/CVE-2021-28146
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-14844
CWE-863
EUVD-EUVD-2021-14844

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report