CVE-2024-8118

EUVD-2024-48948
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
GRAFANACNA
5.1 MEDIUM
NETWORK
LOW
HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
grafanagrafana
8.5.0 ≤
𝑥
< 10.3.10
CNA
grafanagrafana
10.4.0 ≤
𝑥
< 10.4.9
CNA
grafanagrafana
11.0.0 ≤
𝑥
< 11.0.5
CNA
grafanagrafana
11.1.0 ≤
𝑥
< 11.1.6
CNA
grafanagrafana
11.2.0 ≤
𝑥
< 11.2.1
CNA
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
grafana
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://grafana.com/security/security-advisories/cve-2024-8118/