PT-2024-16292 · Grafana+2

Published: 2024-10-29 · Updated: 2025-02-14 · CVE-2024-10452

CVSS v2.0: 3.3 (Low)

Vector: AV:N/AC:L/Au:M/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified)

Description: The issue allows organization admins to delete pending invites created in an organization they are not part of. This can be exploited by a Grafana org admin to delete pending invites in different organizations.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Weakness Enumeration

Related Identifiers

BDU:2025-01981
BIT-GRAFANA-2024-10452
CVE-2024-10452
ECHO-E568-C4CA-22D1
GHSA-66C4-2G2V-54QW
GO-2024-3240
OPENSUSE-SU-2024:0350-1
OPENSUSE-SU-2024:14458-1
OPENSUSE-SU-2024_3950-1
SUSE-SU-2024:3950-1

Affected Products

Grafana
RED OS
SUSE