Package grafana updated to version 11.2.2-alt2 for branch p10 in task 355256.

Published: 2024-09-26

BDU:2024-07696

Уязвимость реализации прикладного программного интерфейса Endpoint платформы для мониторинга и наблюдения Grafana, позволяющая нарушителю повысить свои привилегии

Severity: MEDIUM (4.1) Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2024-8118

Published: 2024-09-26
Modified: 2024-09-30

CVE-2024-8118

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

References:

https://grafana.com/security/security-advisories/cve-2024-8118/

Version: 2.1.0

Package grafana update in p10 on 2024-12-23

ALT-PU-2024-17179-2

Closed vulnerabilities

BDU:2024-07696

CVE-2024-8118