CVE-2024-8118

MEDIUM

Grafana 8.5.0-10.3.9, 10.4.0-10.4.8, 11.0.0-11.0.4, 11.1.0-11.1.5, 11.2.0 - Alert Rule Write API Permission Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-8118. PoCs published by nurarifin05.

AI-analyzed exploit summary: This PoC demonstrates an authorization bypass in Grafana (CVE-2024-8118) where a Viewer role token can create alert rules, which should be restricted. The script sends a POST request to the ruler API endpoint with a crafted payload to test for vulnerability.

Description

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

Exploits (1)

nomisec WORKING POC
by nurarifin05 · poc
https://github.com/nurarifin05/POC-CVE-2024-8118

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Grafana (version not specified)
Auth required
Prerequisites: Valid Grafana instance URL · Viewer role token · Datasource UID · Namespace
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4 5.1
EPSS 0.0058
EPSS Percentile 43.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-653
Status published
Products (5)
Grafana/Grafana 10.4.0 - 10.4.9
Grafana/Grafana 11.0.0 - 11.0.5
Grafana/Grafana 11.1.0 - 11.1.6
Grafana/Grafana 11.2.0 - 11.2.1
Grafana/Grafana 8.5.0 - 10.3.10
Published Sep 26, 2024
Tracked Since Feb 18, 2026