Home > Vulnerability Database > CVE-2024-6322

Mend.io Vulnerability Database

CVE-2024-6322

Good to know:

Date: August 20, 2024

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource.

Language: Go

Severity Score

5.4

Related Resources (8)

Url: https://grafana.com/security/security-advisories/cve-2024-6322

Url: https://github.com/grafana/grafana/commit/4cb3ba5d1a7ab8b9676034e89dada2fcde1766ef

Url: https://github.com/grafana/grafana

Url: https://grafana.com/security/security-advisories/cve-2024-6322/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6322

Url: https://github.com/grafana/grafana/commit/9cdba084a9100c6b11d32eef9d2bd53656c6964a

Url: https://github.com/advisories/GHSA-hh8p-374f-qgr5

Url: https://www.mend.io/vulnerability-database/CVE-2024-6322

Severity Score

5.4

Weakness Type (CWE)

Incorrect Privilege Assignment

CWE-266

Top Fix

Upgrade Version

Upgrade to version github.com/grafana/grafana - v11.1.1;github.com/grafana/grafana - v11.1.3;github.com/grafana/grafana - v0.0.0-20240725142242-c326d865c58b;github.com/grafana/grafana - v1.9.2-0.20240725142242-c326d865c58b

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6322

Good to know:

Date: August 20, 2024

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?