CVE-2024-5526

Summary

Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers.

Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity.

This issue was fixed in version 1.5.2

Affected Software

VendorProductVersion RangeStatus
GrafanaOnCall1.1.37 < 1.5.2affected

Weaknesses

  • CWE-918: CWE-918

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References