CVE-2024-8118

MEDIUM

Grafana - Privilege Escalation

Title source: llm

Description

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

Exploits (1)

nomisec WORKING POC

by nurarifin05 · poc

https://github.com/nurarifin05/POC-CVE-2024-8118

View Code ZIP pw:eip

References (1)

[Various Sources] https://grafana.com/security/security-advisories/cve-2024-8118/

Scores

CVSS v4 5.1

EPSS 0.0010

EPSS Percentile 26.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-653

Status published

Products (5)

Grafana/Grafana 10.4.0 - 10.4.9

Grafana/Grafana 11.0.0 - 11.0.5

Grafana/Grafana 11.1.0 - 11.1.6

Grafana/Grafana 11.2.0 - 11.2.1

Grafana/Grafana 8.5.0 - 10.3.10

Published Sep 26, 2024

Tracked Since Feb 18, 2026