BIT-grafana-2024-8118

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2024-8118.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-grafana-2024-8118
Aliases
  • CVE-2024-8118
Published
2025-04-14T11:12:21.847Z
Modified
2025-05-20T10:02:07.006Z
Summary
Grafana alerting wrong permission on datasource rule write endpoint
Details

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:grafana:grafana:*:*:*:*:*:go:*:*"
    ]
}
References

Affected packages

Bitnami / grafana

Package

Name
grafana
Purl
pkg:bitnami/grafana

Severity

  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
8.5.0
Fixed
10.4.9
Introduced
11.0.0
Fixed
11.2.1