CVE-2024-6322 — Vulnetix

CVE-2024-6322 PUBLISHED

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource.

EPSS 0.03% · 9.8th percentile

Risk Scores

EPSS Score

0.03%

9.8th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	11.1.0
Bitnami	grafana	11.1.0

Timeline

Aug 20, 2024 CVE Published
Aug 21, 2024 EPSS Score
Sep 11, 2024 EPSS Score
Oct 1, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 22, 2024 EPSS Score
Nov 11, 2024 EPSS Score
Dec 3, 2024 EPSS Score
Dec 23, 2024 EPSS Score
Jan 13, 2025 EPSS Score
Feb 2, 2025 EPSS Score
Feb 23, 2025 EPSS Score

References

https://grafana.com/security/security-advisories/cve-2024-6322/ url
https://nvd.nist.gov/vuln/detail/CVE-2024-6322 url

Open in Interactive Console →