Privilege escalation vulnerability for Organizations in Grafana
CVE ID: CVE-2024-9476
Date Published: November 12, 2024
Description:
A privilege escalation vulnerability allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant. This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana instance.
This impacts Grafana OSS and Grafana Enterprise between version 11.3.0 -> 11.3.0+security-01, and 11.2.0 -> 11.2.3+security-01