A vulnerability in Grafana Labs Grafana OSS and... · CVE-2024-9476 · GitHub Advisory Database · GitHub

A vulnerability in Grafana Labs Grafana OSS and...

Moderate severity Unreviewed Published Nov 13, 2024 to the GitHub Advisory Database • Updated Nov 14, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana instance.

References

Published by the National Vulnerability Database

Nov 13, 2024

Published to the GitHub Advisory Database Nov 13, 2024

Last updated Nov 14, 2024

Severity

Moderate

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Local

Attack Complexity Low

Attack Requirements None

Privileges Required High

User interaction Active

Vulnerable System Impact Metrics

Confidentiality High

Integrity None

Availability None

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X