Bug 2322639 (CVE-2024-9476) - CVE-2024-9476 grafana: Privilege escalation vulnerability in Grafana Migration Assistance
Keywords:
Status: NEW
Alias: CVE-2024-9476
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2322640
Blocks:
Reported: 2024-10-30 01:03 UTC by OSIDB Bzimport
Modified: 2024-11-14 09:37 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2024-10-30 01:03:20 UTC
A privilege escalation vulnerability has been discovered in Self-managed Grafana OSS and Grafana Enterprise version 11.2, which allows users to gain access to resources from other organizations within the same Grafana instance, via the Grafana Cloud Migration Assistant. This only affects customers that use the Organizations feature to isolate resources on their Grafana instance. 
Component Impacted: Grafana Cloud Migration Assistant. The migration assistant enables users to take a snapshot of their resources (dashboards, folders, and data sources) and copy them to a Grafana Cloud instance. This enables an easy and quick migration to the cloud without the need for CLI tools and scripting.

