CVE Vulnerabilities

CVE-2024-8118

Improper Isolation or Compartmentalization

Published: Sep 26, 2024 | Modified: Apr 15, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
4.7 MODERATE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

Weakness

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

Affected Software

NameVendorStart VersionEnd Version
GrafanaUbuntuesm-apps/xenial*

Potential Mitigations

References