Home > Vulnerability Database > CVE-2024-8118

Mend.io Vulnerability Database

CVE-2024-8118

Date: September 26, 2024

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

Language: Go

Severity Score

5.4

Related Resources (3)

Url: https://grafana.com/security/security-advisories/cve-2024-8118/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8118

Url: https://www.mend.io/vulnerability-database/CVE-2024-8118

Severity Score

5.4

Weakness Type (CWE)

Improper Isolation or Compartmentalization

CWE-653

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8118

Date: September 26, 2024

Language: Go

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?