CVE-2024-8118
5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Grafana | Grafana | 8.5.0 < 10.3.10 | affected |
| Grafana | Grafana | 10.4.0 < 10.4.9 | affected |
| Grafana | Grafana | 11.0.0 < 11.0.5 | affected |
| Grafana | Grafana | 11.1.0 < 11.1.6 | affected |
| Grafana | Grafana | 11.2.0 < 11.2.1 | affected |
Weaknesses
- CWE-653: CWE-653: Improper Isolation or Compartmentalization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.