CVE-2024-6322 — MEDIUM (5.4)

Vulnerability Description

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Related Weaknesses (CWE)

CWE-266

References

https://grafana.com/security/security-advisories/cve-2024-6322/

FAQ

What is CVE-2024-6322?

CVE-2024-6322 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as th...

How severe is CVE-2024-6322?

CVE-2024-6322 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-6322?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.