CVE-2024-1313

Summary

CVE-2024-1313 is a vulnerability that allows a user from a different organization to bypass authorization and delete a snapshot in Grafana. This can be done by issuing a DELETE request to /api/snapshots/<key> using the view key. The bug in the authorization logic treats deletion requests from unprivileged users in different organizations as authorized. This vulnerability affects Grafana versions 9.5.0 to 9.5.18, 10.0.0 to 10.0.13, 10.1.0 to 10.1.9, 10.2.0 to 10.2.6, and 10.3.0 to 10.3.5. The danger posed by this vulnerability is rated as MEDIUM with a base score of 6.5 according to CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N vector string provided by Grafana Labs' security team. Note: The provided text did not contain information on how to remediate the vulnerability or the potential danger it poses, so this information is not included in the summary report.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.