Platform
grafana
Component
github.com/grafana/grafana
Fixed in
9.5.7
10.0.12
10.1.8
10.2.5
10.3.4
CVE-2024-1442 describes a privilege escalation vulnerability in Grafana: a user who is allowed to create data sources can manage all data sources in the system, bypassing the intended access controls. It affects Grafana versions 8.5.0 through 9.5.6, as well as several versions in the 10.x series (10.0.0-10.0.11, 10.1.0-10.1.7, and 10.2.0-10.2.4). A fix has been released in Grafana version 9.5.7.
The core impact of CVE-2024-1442 is unauthorized data source management. An attacker who can create data sources can also modify or delete existing ones, potentially leading to data breaches, service disruption, or complete control over Grafana's data visualization. This could involve injecting malicious queries into data sources, manipulating dashboards to display false information, or disrupting the availability of critical monitoring data. The blast radius covers any sensitive data reachable through Grafana's data sources, including application metrics, infrastructure logs, and business intelligence reports. While the vulnerability does not directly grant shell access, the ability to manipulate data sources can be a stepping stone for further attacks.
CVE-2024-1442 is not currently listed on KEV. The EPSS score is likely low to medium, given the requirement for existing data source creation permissions. Public proof-of-concept exploits are not yet widely available, but the vulnerability's nature suggests it could be easily exploited once a PoC is released. The vulnerability was publicly disclosed on June 5, 2024, coinciding with the CVE publication.
Organizations heavily reliant on Grafana for monitoring and data visualization are particularly at risk. This includes those with complex Grafana deployments involving numerous data sources and a large number of users. Shared hosting environments where multiple users share a Grafana instance are also vulnerable, as a compromised user could potentially affect all other users on the system.
• linux / server: Examine Grafana logs for suspicious data source creation attempts by users without sufficient privileges. Use journalctl -u grafana to filter for relevant events.
• generic web: Monitor Grafana's access logs for unusual patterns of data source creation or modification requests. Look for requests originating from unexpected IP addresses or user agents.
• database (mysql, postgresql): If Grafana connects to a database, monitor the database logs for unauthorized queries or data modifications that could be linked to Grafana's data source configurations.
Disclosure
Exploit status
EPSS
0.21% (43rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-1442 is to upgrade Grafana to version 9.5.7 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider restricting data source creation permissions to a limited set of trusted users. Implement robust access controls to ensure that only authorized personnel can create or modify data sources. Review existing data source configurations to identify any potential vulnerabilities or misconfigurations. While a WAF or proxy cannot directly prevent this vulnerability, they can be configured to monitor for unusual data source modification requests. After upgrading, verify the fix by attempting to create a data source with a non-administrative user account and confirming that the creation is denied.
Upgrade Grafana to version 9.5.7 or later, 10.0.12 or later, 10.1.8 or later, 10.2.5 or later, or 10.3.4 or later. This fixes the vulnerability that allows a user with permission to create data sources to access all data sources within the organization. The update prevents the creation of data sources with the UID set to *.
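As an added example (not from this page or from Grafana itself), a small Python audit helper for defenders: it checks whether a reported Grafana version falls inside the affected ranges listed on this page and scans a data source list, assumed to have the shape returned by Grafana's GET /api/datasources, for the wildcard UID "*" that the fix blocks. The sample JSON is constructed for illustration.

```python
"""Offline audit helpers for CVE-2024-1442 (added example, not Grafana's code)."""
import json

# Affected ranges exactly as stated on this page (inclusive bounds).
# Note: the page lists 10.3.4 as a fixed version but gives no 10.3.x
# affected range, so 10.3.0-10.3.3 is deliberately not included here.
AFFECTED_RANGES = [
    ((8, 5, 0), (9, 5, 6)),
    ((10, 0, 0), (10, 0, 11)),
    ((10, 1, 0), (10, 1, 7)),
    ((10, 2, 0), (10, 2, 4)),
]


def parse_version(text):
    """Turn 'v10.2.3' or '10.2.3-pre' into a comparable (major, minor, patch) tuple."""
    core = text.strip().lstrip("v").split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version):
    """True if the version lies in any affected range from the advisory."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def find_wildcard_datasources(datasources_json):
    """Return names of data sources whose uid is '*', the value the fix rejects."""
    entries = json.loads(datasources_json)
    return [ds.get("name", "<unnamed>") for ds in entries if ds.get("uid") == "*"]


# Constructed sample resembling a GET /api/datasources response.
SAMPLE_DATASOURCES = json.dumps([
    {"id": 1, "uid": "P1809F7CD0C75ACF3", "name": "prod-prometheus", "type": "prometheus"},
    {"id": 2, "uid": "*", "name": "suspicious-ds", "type": "prometheus"},
])

if __name__ == "__main__":
    for ver in ("9.5.6", "9.5.7", "10.2.4", "10.3.4"):
        print(ver, "affected" if is_affected(ver) else "not in an affected range")
    print("data sources with wildcard uid:", find_wildcard_datasources(SAMPLE_DATASOURCES))
```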
CVE-2024-1442 is a medium severity vulnerability in Grafana allowing users with data source creation permissions to manage all data sources, potentially leading to unauthorized data access and configuration changes.
You are affected if you are running Grafana versions before 9.5.7, 10.0.12, 10.1.8, or 10.2.5. Assess your Grafana deployment and upgrade accordingly.
Upgrade Grafana to version 9.5.7 or later. Implement stricter access controls to limit data source creation permissions if an immediate upgrade is not possible.
While no active exploitation has been confirmed, the vulnerability's ease of exploitation makes it a potential target. Monitor your Grafana instance for suspicious activity.
Refer to the official Grafana security advisory: https://grafana.com/security/advisories/CVE-2024-1442