
AIKIDO-2024-10460

grafana-enterprise is vulnerable to Incorrect Privilege Assignment

Incorrect Privilege Assignment
CVE-2024-9476
Published Nov 20, 2024

53

Medium Risk

This affects:

grafana-enterprise (os)
11.2.0 - 11.2.3, fixed in 11.2.4
11.3.0 - 11.3.0, fixed in 11.3.1

TL;DR

Affected versions of this package are vulnerable to improper privilege assignment, leading to potential privilege escalation. In self-managed Grafana OSS v11.2 and Grafana Enterprise v11.2, a vulnerability was identified during routine internal testing. This flaw allows users to access resources belonging to other organizations within the same Grafana instance by exploiting the Grafana Cloud Migration Assistant, undermining organizational boundaries and security controls.

Who does this affect?

You are affected if you run a self-managed grafana-enterprise version inside one of the vulnerable ranges listed above (11.2.0 - 11.2.3, or 11.3.0).

Background info

grafana-enterprise is vulnerable to Incorrect Privilege Assignment in versions 11.2.0 - 11.2.3 and 11.3.0 - 11.3.0.

How to fix this

Upgrade grafana-enterprise to a patched release: 11.2.4 or later on the 11.2 line, or 11.3.1 or later on the 11.3 line.
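As an added example (not part of this advisory or of Grafana's own code), the check below classifies a grafana-enterprise version string, or the JSON body returned by Grafana's /api/health endpoint, against the ranges listed above. The sample health response is constructed, and treating a pre-release of the first fixed version (such as 11.2.4-pre) as still affected is my assumption.

```python
import json
import re

# Affected ranges as listed in the advisory: (first affected, last affected, first fixed)
AFFECTED_RANGES = [
    ((11, 2, 0), (11, 2, 3), (11, 2, 4)),
    ((11, 3, 0), (11, 3, 0), (11, 3, 1)),
]

# Accepts "11.2.3", "v11.2.3", "11.2.4-pre" and "11.2.3+build" style strings.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.\-]+)?(\+[0-9A-Za-z.\-]+)?$")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for a Grafana version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version string: {text!r}")
    major, minor, patch, prerelease, _build = m.groups()
    return (int(major), int(minor), int(patch)), prerelease is not None


def check_cve_2024_9476(version_text):
    """Return (affected, first_fixed_version) for a grafana-enterprise version.

    Assumption: a pre-release of the first fixed version (e.g. 11.2.4-pre) sorts
    before that release and is therefore still treated as affected.
    """
    version, is_prerelease = parse_version(version_text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= version <= high or (is_prerelease and version == fixed):
            return True, ".".join(str(n) for n in fixed)
    return False, None


def check_health_response(body):
    """Classify the version reported in the JSON body of Grafana's /api/health."""
    return check_cve_2024_9476(json.loads(body)["version"])


# Constructed sample of an /api/health response; not captured from a real instance.
SAMPLE_HEALTH = '{"commit": "0000000", "database": "ok", "version": "11.2.2"}'

if __name__ == "__main__":
    for v in ("11.1.9", "11.2.0", "v11.2.3", "11.2.4", "11.2.4-pre", "11.3.0", "11.3.1"):
        print(v, check_cve_2024_9476(v))
    print("health:", check_health_response(SAMPLE_HEALTH))
```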