CVE-2024-8118

CVSS

No CVSS.

n Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

References

Link	Resource
https://grafana.com/security/security-advisories/cve-2024-8118/

Configurations

No configuration.

History

30 Sep 2024, 12:46

Type	Values Removed	Values Added
Summary		(es) En Grafana, se aplica el permiso incorrecto al endpoint de la API de escritura de reglas de alerta, lo que permite que los usuarios con permiso para escribir instancias de alerta externas también escriban reglas de alerta.

26 Sep 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-26 19:15

Updated : 2024-09-30 12:46

NVD link : CVE-2024-8118

Mitre link : CVE-2024-8118

CVE.ORG link : CVE-2024-8118

JSON object : View

Products Affected

No product.

CWE

CWE-653

Improper Isolation or Compartmentalization

{"id": "CVE-2024-8118", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.1, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-26T19:15:07.663", "references": [{"url": "https://grafana.com/security/security-advisories/cve-2024-8118/", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-653"}]}], "descriptions": [{"lang": "en", "value": "In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules."}, {"lang": "es", "value": "En Grafana, se aplica el permiso incorrecto al endpoint de la API de escritura de reglas de alerta, lo que permite que los usuarios con permiso para escribir instancias de alerta externas tambi\u00e9n escriban reglas de alerta."}], "lastModified": "2024-09-30T12:46:20.237", "sourceIdentifier": "[email protected]"}

CVE-2024-8118

JSON object

Attach tags to CVE-2024-8118

Attach tags to `CVE-2024-8118`