Privilege Escalation Vulnerability in Grafana Labs Grafana OSS and Enterprise
CVE-2024-9476

5.1 MEDIUM

Key Information:

Vendor: Grafana Labs
CVE Published: 13 November 2024

What is CVE-2024-9476?

A vulnerability in Grafana Labs' Grafana OSS and Enterprise products enables privilege escalation: a user may gain access to resources belonging to other organizations within the same Grafana instance. The issue affects deployments that use the Organizations feature to segregate resources. Through the Grafana Cloud Migration Assistant, an unauthorized user could bypass the intended isolation between organizations. Users relying on the Organizations feature should review their configurations and apply the security updates that address this design flaw.

Affected Version(s)

Grafana OSS and Enterprise 11.3.0 < 11.3.0+security-01

Grafana OSS and Enterprise 11.2.0 < 11.2.3+security-01

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published (13 November 2024)