Bug 2322639 (CVE-2024-9476)
Summary: | CVE-2024-9476 grafana: Privilege escalation vulnerability in Grafana Migration Assistance | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | lchilton, security-response-team, sfeifer |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | A privilege escalation vulnerability has been discovered in Self-managed Grafana OSS and Grafana Enterprise, affecting the Grafana Cloud Migration Assistant. The flaw allows users to gain unauthorized access to resources (dashboards, folders, data sources) from other organizations within the same Grafana instance, bypassing intended resource isolation. This issue impacts customers using the Organizations feature for multi-organization setups. |
Bug Depends On: | 2322640 | ||
Bug Blocks: |
Description
OSIDB Bzimport
2024-10-30 01:03:20 UTC