CVE-2024-1313

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 26, 2024

Updated: Jun 10, 2024

CWE ID 639

Summary

CVE-2024-1313: A vulnerability in Grafana's snapshot functionality allows unprivileged users from different organizations to bypass authorization and delete snapshots using view keys. This bug, which impacts versions of Grafana from 9.5.0 to 10.3.5, affects intended access controls, potentially leading to unintended snapshot deletion. Grafana Labs acknowledges the findings of Ravid Mazon and Jay Chen of Palo Alto Research and advises affected users to upgrade to the latest patched version.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Grafana

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ub6Urp
https://www.cve.org/CVERecord?id=CVE-2024-1313
https://nvd.nist.gov/vuln/detail/CVE-2024-1313

Back to Vulnerability Database

CVE-2024-1313

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations