Bug 2413278 (CVE-2025-41115)
| Summary: | CVE-2025-41115 grafana: Incorrect Privilege Assignment | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | | |
| Version: | unspecified | CC: | alcohan, gparvin, jbalunas, lchilton, owatkins, pahickey, rhaigner, security-response-team, sfeifer |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Doc Text:

A flaw was found in Grafana. In deployments where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId.

Because Grafana maps the SCIM externalId directly to the internal user.uid, a numeric value (e.g. "1") may be interpreted as an internal numeric user ID. In specific cases this could cause the newly provisioned user to be treated as an existing internal account, such as the built-in Admin, leading to potential impersonation or privilege escalation.

This issue affects only deployments with SCIM enabled and configured.
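The identifier ambiguity the Doc Text describes, modelled as an added Go example that is not Grafana's code: the `Store`, its seeded admin account with ID 1, the lookup order in `ResolveAmbiguous` and the `strict` flag are all assumptions made for illustration. A SCIM externalId of "1" becomes a UID of "1", and a lookup that tries identifiers as numeric IDs first resolves it to the admin account; the strict provisioning path rejects purely numeric externalIds so the collision cannot arise.

```go
package main

import (
	"errors"
	"strconv"
)

// User is a constructed stand-in for an account record carrying both a
// numeric internal ID and a string UID (an assumption, not Grafana's types).
type User struct {
	ID    int64
	UID   string
	Login string
}

// Store holds accounts; NewStore seeds ID 1 as the built-in admin account.
type Store struct{ users []User }

func NewStore() *Store {
	return &Store{users: []User{{ID: 1, UID: "admin-uid", Login: "admin"}}}
}

// ProvisionSCIM copies the SCIM externalId straight into UID, as the record
// describes. With strict=true it rejects externalIds that parse as integers.
func (s *Store) ProvisionSCIM(externalID, login string, strict bool) (User, error) {
	if _, err := strconv.ParseInt(externalID, 10, 64); strict && err == nil {
		return User{}, errors.New("scim: externalId must not be purely numeric")
	}
	u := User{ID: int64(len(s.users) + 1), UID: externalID, Login: login}
	s.users = append(s.users, u)
	return u, nil
}

// ResolveAmbiguous models a lookup that tries one identifier as a numeric ID
// before falling back to UID, so a UID of "1" resolves to ID 1 (admin).
func (s *Store) ResolveAmbiguous(ident string) (User, bool) {
	n, err := strconv.ParseInt(ident, 10, 64)
	for _, u := range s.users {
		if err == nil && u.ID == n {
			return u, true
		}
	}
	for _, u := range s.users {
		if u.UID == ident {
			return u, true
		}
	}
	return User{}, false
}
```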
Description

OSIDB Bzimport, 2025-11-07 01:00:37 UTC