CVE-2024-1313
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-1313 is a vulnerability that allows a user from a different organization to bypass authorization and delete a snapshot in Grafana. This can be done by issuing a DELETE request to /api/snapshots/<key> using the view key. The bug in the authorization logic treats deletion requests from unprivileged users in different organizations as authorized. This vulnerability affects Grafana versions 9.5.0 to 9.5.18, 10.0.0 to 10.0.13, 10.1.0 to 10.1.9, 10.2.0 to 10.2.6, and 10.3.0 to 10.3.5. The danger posed by this vulnerability is rated as MEDIUM with a base score of 6.5 according to CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N vector string provided by Grafana Labs' security team. Note: The provided text did not contain information on how to remediate the vulnerability or the potential danger it poses, so this information is not included in the summary report.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions