PT-2024-4050 · Grafana · Grafana Oncall

Published

2024-05-30

·

Updated

2024-09-08

·

CVE-2024-5526

CVSS v3.1

9.4

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Grafana OnCall versions 1.1.37 through 1.5.1
Description: The issue stems from insufficient validation of the destination of outgoing requests in the webhook functionality of Grafana OnCall. A remote attacker who can supply a webhook target can make the OnCall backend issue HTTP requests to hosts of the attacker's choosing, including internal services and link-local addresses that are not reachable from the outside, i.e. a Server Side Request Forgery (SSRF). The issue was fixed in version 1.5.2.
Recommendations: For versions 1.1.37 through 1.5.1, update to version 1.5.2 or later. Where an immediate upgrade is not possible, disable the webhook functionality (or restrict, at the network level, which destinations the OnCall backend may reach) until the upgrade is done.
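The page describes the flaw only as insufficient validation of the webhook destination and does not show the upstream patch. The block below is an added example, not Grafana OnCall's own code, of the kind of destination check a webhook feature needs before it issues a request: it accepts only http/https, rejects credentials embedded in the URL, resolves every address a host name maps to and refuses the whole URL if any of them lands in a loopback, private, link-local, or otherwise non-routable range. The deny-list, the host names and the fake resolver are constructed for this example; the `resolver` parameter exists so the check can be exercised offline and so a caller can pin the connection to the addresses that were actually validated.

```python
import ipaddress
import socket
from typing import Callable, List, Optional
from urllib.parse import urlsplit

# Constructed deny-list (an assumption for this example; tune per deployment).
# Covers loopback, RFC 1918, CGNAT, link-local (incl. 169.254.169.254 cloud
# metadata), multicast/reserved, and the IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

Resolver = Callable[[str], List[str]]


class WebhookURLError(ValueError):
    """Raised when a webhook destination must not be contacted."""


def default_resolver(host: str) -> List[str]:
    """Resolve every A/AAAA record for host via the system resolver."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def literal_ip(host: str) -> Optional[str]:
    """Return the canonical form if host is an IP literal, else None.

    inet_aton is consulted so that shorthand like "127.1" or the decimal
    form "2130706433" is recognised as 127.0.0.1 instead of being treated
    as a host name and slipping past the range check.
    """
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    try:
        return str(ipaddress.IPv4Address(socket.inet_aton(host)))
    except OSError:
        return None


def is_blocked_ip(ip: str) -> bool:
    """True if ip falls in any deny-listed range (IPv4-mapped IPv6 unwrapped)."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def validate_webhook_url(url: str, resolver: Resolver = default_resolver) -> List[str]:
    """Validate a user-supplied webhook URL and return the addresses it resolves to.

    Raises WebhookURLError for anything the backend must not contact.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise WebhookURLError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise WebhookURLError("missing host")
    if parts.username is not None or parts.password is not None:
        raise WebhookURLError("credentials in URL are not allowed")
    ip = literal_ip(host)
    addresses = [ip] if ip else resolver(host)
    if not addresses:
        raise WebhookURLError(f"host does not resolve: {host!r}")
    # Reject if ANY address is blocked: a name with one public and one
    # internal record is a classic way to smuggle an internal target through.
    for addr in addresses:
        if is_blocked_ip(addr):
            raise WebhookURLError(f"{host!r} resolves to blocked address {addr}")
    return addresses


def is_safe_webhook_url(url: str, resolver: Resolver = default_resolver) -> bool:
    """Boolean wrapper around validate_webhook_url for callers that only need yes/no."""
    try:
        validate_webhook_url(url, resolver)
        return True
    except WebhookURLError:
        return False


if __name__ == "__main__":
    # Constructed resolver so the example runs without DNS.
    fake_dns = {
        "hooks.example.com": ["203.0.113.10"],
        "rebind.example.com": ["203.0.113.10", "169.254.169.254"],
    }
    for u in ("https://hooks.example.com/notify", "https://rebind.example.com/notify",
              "http://127.1/admin", "http://[::ffff:127.0.0.1]/"):
        print(u, "->", is_safe_webhook_url(u, fake_dns.__getitem__))
```

Two caveats a practitioner should keep in mind. First, validating and then letting the HTTP client resolve the name again opens a DNS rebinding window; the function returns the addresses it checked so the caller can connect to one of those directly (setting the Host header to the original name) rather than re-resolving. Second, HTTP redirects must be treated as new destinations: either disable automatic redirects for webhook delivery or run each redirect target through the same check before following it.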

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2024-04492
CVE-2024-5526

Affected Products

Grafana Oncall