CVE-2024-8118 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-8118 PUBLISHED

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

EPSS 0.09% · 25.4th percentile

Risk Scores

EPSS Score

0.09%

25.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	8.5.0, 11.0.0
Bitnami	grafana	8.5.0, 11.0.0

Timeline

Sep 26, 2024 CVE Published
Sep 26, 2024 CVE Updated
Sep 26, 2024 PoC Published
Sep 27, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 16, 2024 EPSS Score
Nov 3, 2024 EPSS Score
Nov 22, 2024 EPSS Score
Dec 12, 2024 EPSS Score
Dec 31, 2024 EPSS Score
Jan 18, 2025 EPSS Score
Feb 6, 2025 EPSS Score

References

Open in Interactive Console →