CVE-2024-8118

Summary

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

Affected Software

VendorProductVersion RangeStatus
GrafanaGrafana8.5.0 < 10.3.10affected
GrafanaGrafana10.4.0 < 10.4.9affected
GrafanaGrafana11.0.0 < 11.0.5affected
GrafanaGrafana11.1.0 < 11.1.6affected
GrafanaGrafana11.2.0 < 11.2.1affected

Weaknesses

  • CWE-653: CWE-653: Improper Isolation or Compartmentalization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References