PT-2024-8344 · Grafana+2 · Grafana+2

Published

2024-08-27

·

Updated

2025-06-18

·

CVE-2024-9476

CVSS v4.0

5.1

Medium

VectorAV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Grafana versions (affected versions not specified)
Description A vulnerability in Grafana Labs Grafana OSS and Enterprise allows privilege escalation, enabling users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant. This issue is related to insufficient access control in the Organizations feature, which is used to isolate resources on a Grafana instance. The vulnerability will only affect users who utilize this feature.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-266

Related Identifiers

BDU:2024-09900
CVE-2024-9476
OPENSUSE-SU-2025:14681-1
SUSE-SU-2025:01985-1
SUSE-SU-2025:01987-1
SUSE-SU-2025:01989-1
SUSE-SU-2025:01991-1
SUSE-SU-2025_01987-1

Affected Products

Grafana
Red Os
Suse