CVE-2024-8118 Vulnerability Details

  /     /     /  

CVE-2024-8118 Metadata Quick Info

CVE Published: 26/09/2024 | CVE Updated: 26/09/2024 | CVE Year: 2024
Source: GRAFANA | Vendor: Grafana | Product: Grafana
Status : PUBLISHED

CVE-2024-8118 Description

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-653
CWE Name: CWE-653: Improper Isolation or Compartmentalization
Source: Grafana

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-1
CAPEC Description: CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2024-8118 Vulnerability Details