Executive Summary

This vulnerability involves the Snowflake datasource in Grafana, which allows GET and PUT commands. This means that any user who has access to run queries against the data source can read and write files between the local Grafana server and the connected Snowflake host.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can have a significant impact because it allows users with query access to read and write files on the local Grafana server and the Snowflake host. This can lead to unauthorized data exposure and modification, potentially compromising the confidentiality and integrity of sensitive information.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows any user with access to the Snowflake datasource in Grafana to execute GET/PUT commands, enabling them to read and write files between the local Grafana server and the connected Snowflake host.

This unauthorized ability to read and write data could lead to exposure or modification of sensitive information, which may violate data protection requirements under regulations such as GDPR and HIPAA.

Therefore, this vulnerability poses a significant risk to compliance with common standards and regulations that mandate strict controls over data confidentiality and integrity.

Useful 0 Not Useful 0