Products
Grafana
Source
security@grafana.com
Tags
CVE-2024-8118 details
Published : Sept. 26, 2024, 7:15 p.m.
Last Modified : Sept. 26, 2024, 7:15 p.m.
Last Modified : Sept. 26, 2024, 7:15 p.m.
Description
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-653 | Improper Isolation or Compartmentalization | The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions. |
References
| URL | Source |
|---|---|
| https://grafana.com/security/security-advisories/cve-2024-8118/ | security@grafana.com |
This website uses the NVD API, but is not approved or certified by it.