Wrong Permission in Grafana's Alert Rule Write API Endpoint Allows Unauthorized Rule Writing
CVE-2024-8118
Currently unrated
Summary
A vulnerability exists in Grafana where the wrong permission is applied to the alert rule write API endpoint: users with write access to external alert instances are also able to modify alert rules. This flaw can lead to unauthorized alterations of important alert settings, a security risk for organizations that rely on Grafana for monitoring and alerting. Users running affected versions should update their installations to mitigate this risk and maintain the integrity of their alerting systems.
Affected Version(s)
Grafana >= 8.5.0, < 10.3.10
Grafana >= 10.4.0, < 10.4.9
Grafana >= 11.0.0, < 11.0.5
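An added example, not part of the original advisory or of Grafana's code: a Python check that classifies reported Grafana versions against the three affected ranges listed above. The host names and versions in the sample inventory are constructed, and sending suffixed builds to "review" is an assumption, since the listed ranges only name plain X.Y.Z releases; "not-listed" means only that the version falls outside the ranges on this page.

```python
import re

# Affected ranges as listed on this page: (first affected, first unaffected), half-open.
AFFECTED_RANGES = [
    ((8, 5, 0), (10, 3, 10)),
    ((10, 4, 0), (10, 4, 9)),
    ((11, 0, 0), (11, 0, 5)),
]
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+([0-9A-Za-z.-]+))?$")

def classify(version):
    """Return 'affected', 'not-listed', 'review' or 'unparseable' for a version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    core = tuple(int(p) for p in m.group(1, 2, 3))
    prerelease, build = m.group(4), m.group(5)
    # A pre-release of a first-unaffected version sorts before it, so do not clear it.
    if prerelease and any(core == hi for _, hi in AFFECTED_RANGES):
        return "review"
    if not any(lo <= core < hi for lo, hi in AFFECTED_RANGES):
        return "not-listed"
    # Assumption: the listed ranges only speak about plain X.Y.Z releases, so a
    # suffixed build inside a range goes to manual review instead of auto-classification.
    return "review" if (prerelease or build) else "affected"

def triage(inventory):
    """Group host names by the classification of their reported Grafana version."""
    result = {}
    for host, version in sorted(inventory.items()):
        result.setdefault(classify(version), []).append(host)
    return result

# Constructed sample inventory (host names and versions are made up for illustration).
SAMPLE = {
    "grafana-prod": "10.3.9",
    "grafana-stage": "v10.4.9",
    "grafana-dev": "11.0.4+build.7",
    "grafana-old": "8.4.7",
    "grafana-lab": "11.1.0",
    "grafana-x": "latest",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```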