CVE-2024-9476: Privilege escalation vulnerability for Organizations in Grafana
First published: Wed Nov 13 2024(Updated: )
A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana instance.
Credit: security@grafana.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Grafana |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-9476?
CVE-2024-9476 has been classified as a medium severity vulnerability.
How do I fix CVE-2024-9476?
To mitigate CVE-2024-9476, update your Grafana Labs Grafana OSS and Enterprise to the latest version that addresses this vulnerability.
Who is affected by CVE-2024-9476?
CVE-2024-9476 affects users of Grafana Labs Grafana OSS and Enterprise who utilize the Grafana Cloud Migration Assistant.
What type of vulnerability is CVE-2024-9476?
CVE-2024-9476 is a privilege escalation vulnerability that allows unauthorized access to resources from other organizations.
When was CVE-2024-9476 disclosed?
CVE-2024-9476 was disclosed in November 2024.
- agent/title
- agent/references
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/trending
- agent/epss
- collector/epss-latest
- source/FIRST
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/grafana labs
- canonical/grafana