Wrong Permission in Grafana's Alert Rule Write API Endpoint Allows Unauthorized Rule Writing
CVE-2024-8118

Currently unrated

Key Information:

Vendor: Grafana

Status
Vendor
CVE Published: 26 September 2024

Badges

👾 Exploit Exists, 📰 News Worthy

What is CVE-2024-8118?

A vulnerability exists in Grafana where incorrect permission settings on the alert rule write API endpoint let users with write access to external alert instances also modify alert rules. This can lead to unintended alterations of important alert settings, posing potential security risks for organizations that rely on Grafana for monitoring and alerting. Users running affected versions should update their installations to mitigate this risk and maintain the integrity of their alerting systems.

Affected Version(s)

Grafana 8.5.0 < 10.3.10

Grafana 10.4.0 < 10.4.9

Grafana 11.0.0 < 11.0.5

News Articles

Grafana security release: Medium severity fix for CVE-2024-8118 | Grafana Labs

Today we are releasing Grafana 11.2.1, 11.1.6, 11.0.5, 10.4.9, and 10.3.10, which include a medium severity security fix. If you are affected, we recommend that you install newly released versions.

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by Grafana

  • Vulnerability published

  • Vulnerability Reserved
