CVE-2024-8118

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

CVSS

No CVSS.

References

Link	Resource
https://grafana.com/security/security-advisories/cve-2024-8118/

Configurations

No configuration.

History

No history.

Information

Published : 2024-09-26 19:15

Updated : 2024-09-30 12:46

NVD link : CVE-2024-8118

Mitre link : CVE-2024-8118

CVE.ORG link : CVE-2024-8118

JSON object : View

Products Affected

No product.

CWE

CWE-653

Improper Isolation or Compartmentalization

{"id": "CVE-2024-8118", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@grafana.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.1, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-26T19:15:07.663", "references": [{"url": "https://grafana.com/security/security-advisories/cve-2024-8118/", "source": "security@grafana.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@grafana.com", "description": [{"lang": "en", "value": "CWE-653"}]}], "descriptions": [{"lang": "en", "value": "In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules."}, {"lang": "es", "value": "En Grafana, se aplica el permiso incorrecto al endpoint de la API de escritura de reglas de alerta, lo que permite que los usuarios con permiso para escribir instancias de alerta externas tambi\u00e9n escriban reglas de alerta."}], "lastModified": "2024-09-30T12:46:20.237", "sourceIdentifier": "security@grafana.com"}

CVE-2024-8118

JSON object

Attach tags to CVE-2024-8118

Attach tags to `CVE-2024-8118`