← Back

CVE-2024-10452

nvd nist
Published: Oct 29, 2024Modified: Nov 8, 2024

JSON object

Loading...
2.7
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Exploitability: 1.2 / Impact: 1.4
Source: NVD

Description

Organization admins can delete pending invites created in an organization they are not part of.

Affected (1)

Products: Grafana: Grafana
Grafana
1 product
Grafana
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Grafana
Version 10.4.0

Related CWEs

CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

Source: security@grafana.com
Vendor Advisory

Timeline

No history available yet.