A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana instance.

According to its self-reported version, the Grafana install hosted on the remote host is 11.2.x earlier than 11.2.3+security-01, or 11.3.x earlier than 11.3.0+security-01. It is, therefore, affected by a incorrect privilege assignment vulnerability.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2024-9476 advisory.

  - A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access     to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.
    This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their     Grafana instance.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
114829	Grafana 11.3.x < 11.3.0+security-01 Incorrect Privilege Assignment	Web App Scanning	Component Vulnerability	medium
114828	Grafana 11.2.x < 11.2.3+security-01 Incorrect Privilege Assignment	Web App Scanning	Component Vulnerability	medium
211633	Grafana Labs Privilege Escalation (CVE-2024-9476)	Nessus	Web Servers	medium

Detections

Analytics

CVE-2024-9476

medium

Tenable Plugins

medium

medium

medium