Privilege escalation vulnerability for Organizations in Grafana

Medium
Advisory ID:CVE-2024-9476
Published:2024-11-12
Product:Grafana
CVSS Score:5.1
CVSS Vector:CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Fixed Versions:
>=11.3.0+security-01
>=11.2.3+security-01

Summary

A privilege escalation vulnerability allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant. This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana instance.

This impacts Grafana and Grafana between version 11.3.0 -> 11.3.0+security-01, and 11.2.0 -> 11.2.3+security-01