Unauthorized Invite Deletion in Grafana by Admins
CVE-2024-10452
2.7 LOW
Summary
A security flaw in Grafana permits organization administrators to delete pending invites that were created in organizations to which they do not belong. This unauthorized deletion could disrupt user collaboration and may compromise the integrity of invite management within affected Grafana instances. Users are advised to apply the latest updates and review access controls to mitigate the risks associated with this vulnerability.
CVSS V3.1
Score: 2.7
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published