Incorrect Privilege Assignment Affecting github.com/grafana/grafana/pkg/middleware package, versions >=11.1.0 <11.1.1 >=11.1.2 <11.1.3
Threat Intelligence
EPSS
0.04% (11th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMGRAFANAGRAFANAPKGMIDDLEWARE-7723925
- published 21 Aug 2024
- disclosed 20 Aug 2024
- credit Unknown
Introduced: 20 Aug 2024
CVE-2024-6322 Open this link in a new tabHow to fix?
Upgrade github.com/grafana/grafana/pkg/middleware
to version 11.1.1, 11.1.3 or higher.
Overview
github.com/grafana/grafana/pkg/middleware is a The open-source platform for monitoring and observability.
Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the ReqActions
json field of plugin.json
. An attacker can bypass access controls by exploiting the scope of the ReqActions
check, which is not limited to each specific datasource.
Note:
This is only exploitable if the account has prior query access to the impacted datasource.