What is CVE-2024-6322?

CVE-2024-6322 is a medium-severity vulnerability in Grafana, classified under Incorrect Privilege Assignment. CVSS score: 4.4/10. Published 2024-08-20.

How severe is CVE-2024-6322?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Privilege escalation in Grafana

CVE-2024-6322

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to ea…

EPSS: 0.000 (9.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L.

Affected products

Grafana — versions 11.1.0, 11.1.2
Grafana Enterprise — versions 11.1.0, 11.1.2

Weakness classification (CWE)

CWE-266 — Incorrect Privilege Assignment

References

grafana.com/security/security-advisories/cve-2024-6322/

Frequently asked questions

What is CVE-2024-6322?: CVE-2024-6322 is a medium-severity vulnerability in Grafana, classified under Incorrect Privilege Assignment. CVSS score: 4.4/10. Published 2024-08-20.
How severe is CVE-2024-6322?: Medium severity. CVSS v3 base score is 4.4 out of 10.