Early Access — Mondoo Vulnerability Intelligence is currently in preview.
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.
Exploitability
AV:NAC:LAT:NPR:HUI:NVulnerable System
VC:LVI:LVA:LSubsequent System
SC:NSI:NSA:N5.1/CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:NOther