Bug 2314990 (CVE-2024-8118)
| Summary: | CVE-2024-8118 grafana: wrong permission is applied to the alert rule write API endpoint | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | ben.argyle, lchilton, sfeifer |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in Grafana. The wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2315039 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2024-09-26 19:20:31 UTC
https://access.redhat.com/security/cve/CVE-2024-8118 states "will not fix" yet this BZ is still open. Is there a chance it'll be fixed, either by a version bump or backport? |