CVE-2024-8118

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified)

Description: The issue is related to the wrong permission being applied to the alert rule write API endpoint in Grafana. This allows users with permission to write external alert instances to also write alert rules, potentially leading to privilege escalation. The vulnerability is associated with insufficient spatial separation in the implementation of the API endpoint.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Privilege Assignment

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-653CWE-266CWE-94

Related Identifiers

ALT-PU-2024-14495

ALT-PU-2024-15271

ALT-PU-2024-17179

BDU:2024-07696

BDU:2024-08254

BDU:2024-09900

BIT-GRAFANA-2024-8118

CVE-2024-8118

OPENSUSE-SU-2024:14431-1

OPENSUSE-SU-2025_0525-1

OPENSUSE-SU-2025_0545-1

SUSE-SU-2025:0524-1

SUSE-SU-2025:0525-1

SUSE-SU-2025:0545-1

Affected Products

Alt Linux

Grafana

Red Os

Suse

CVE-2024-8118

Weakness Enumeration

Related Identifiers

Affected Products

References · 60