CVE-2024-1313

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 26, 2024
Updated: Mar 27, 2024
CWE ID 639

Summary

CVE-2024-1313 is a vulnerability that allows a user from a different organization to bypass authorization and delete a snapshot in Grafana. This can be done by issuing a DELETE request to /api/snapshots/ using the view key. The bug in the authorization logic treats deletion requests from unprivileged users in different organizations as authorized. This vulnerability affects Grafana versions 9.5.0 to 9.5.18, 10.0.0 to 10.0.13, 10.1.0 to 10.1.9, 10.2.0 to 10.2.6, and 10.3.0 to 10.3.5. The danger posed by this vulnerability is rated as MEDIUM with a base score of 6.5 according to CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N vector string provided by Grafana Labs' security team.

Note: The provided text did not contain information on how to remediate the vulnerability or the potential danger it poses, so this information is not included in the summary report.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1313 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options