Privilege Escalation Vulnerability in Grafana Labs Grafana OSS and Enterprise
CVE-2024-9476

Currently unrated

Key Information:

Vendor: Grafana Labs
CVE Published: 13 November 2024

Summary

A vulnerability in Grafana Labs' Grafana OSS and Enterprise products enables privilege escalation, potentially allowing users to access resources belonging to other organizations within the same Grafana instance. This issue specifically affects users who employ the Organizations feature to segregate resources. With this vulnerability, an unauthorized user could exploit the Grafana Cloud Migration Assistant, undermining the intended isolation of resources between organizations. It is imperative for users relying on the Organizations feature to evaluate their configurations and apply necessary security updates to mitigate the risks associated with this design flaw.

Timeline

  • Vulnerability published
