CVERadar

CVE-2024-1313

Severity: Medium
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00036/1

CVE-2024-1313 allows an unprivileged user in a different organization from the snapshot owner to bypass authorization and delete Grafana dashboard snapshots by issuing a DELETE request to /api/snapshots/<key>; the flaw is in the authorization logic of the delete handler. The SVRS score of 30 suggests a moderate risk. No CVSS v3 score is listed here (NA); the SVRS weighs factors beyond the base metrics. Because the bypass lets an unprivileged user delete snapshots belonging to other organizations, the impact is loss of shared snapshots (an integrity and availability issue) rather than disclosure, with the associated disruption for teams that rely on them. Affected versions: Grafana 9.5.0 before 9.5.18, 10.0.0 before 10.0.13, 10.1.0 before 10.1.9, 10.2.0 before 10.2.6, and 10.3.0 before 10.3.5. Fixed versions are available; upgrade to mitigate this risk.

In The Wild: No
Published: 2024-03-26
Last updated: 2025-02-13

SOCRadar AI Insight

Description

CVE-2024-1313 is a vulnerability in Grafana that allows an unprivileged user in a different organization from the snapshot owner to bypass authorization and delete a snapshot with a DELETE request to /api/snapshots/<key>. The cause is a bug in the delete handler's authorization logic: instead of rejecting a deletion request from a user who lacks permission on the snapshot, the check lets it through as if it were authorized (the check fails open), so knowing the snapshot key is enough to delete it. This is a broken object level authorization (BOLA) issue, classified as CWE-639.
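To make the fail-open pattern concrete, here is an added example written for this page (it is not Grafana's source and does not reproduce its exact code): a simplified model of a snapshot DELETE handler whose permission lookup is scoped to the caller's organization. In the vulnerable version the "access denied" branch only runs when that lookup succeeds, so a caller from another organization, for whom the lookup errors out, is never denied and the delete goes through; the hardened version checks the snapshot's owning organization first and treats any lookup error as a denial. The Store, Snapshot and Caller types, the function names and the sample data are all constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Snapshot is a stored dashboard snapshot (illustrative model, not Grafana's type).
type Snapshot struct {
	Key         string // value used in DELETE /api/snapshots/<key>
	OrgID       int64  // organization that owns the snapshot
	OwnerUserID int64  // user who created it
	DashboardID int64  // source dashboard, used for the edit-permission check
}

// Caller is the authenticated user issuing the DELETE request.
type Caller struct {
	UserID  int64
	OrgID   int64
	IsAdmin bool
}

var (
	ErrNotFound  = errors.New("snapshot not found")
	ErrForbidden = errors.New("access denied to this snapshot")
	errNoDash    = errors.New("dashboard not found in caller's organization")
)

// Store holds snapshots by key and the organization each dashboard ID lives in.
type Store struct {
	Snapshots    map[string]Snapshot
	DashboardOrg map[int64]int64
}

// canEditDashboard is an org-scoped permission lookup. When the dashboard is not
// visible from the caller's organization it returns an error, not a plain false.
func (s *Store) canEditDashboard(dashID int64, c Caller) (bool, error) {
	org, ok := s.DashboardOrg[dashID]
	if !ok || org != c.OrgID {
		return false, errNoDash
	}
	return c.IsAdmin, nil
}

// DeleteVulnerable fails open: the deny branch is guarded by err == nil, so a
// cross-organization caller (whose lookup errors) skips it and deletes anyway.
func (s *Store) DeleteVulnerable(key string, c Caller) error {
	snap, ok := s.Snapshots[key]
	if !ok {
		return ErrNotFound
	}
	canEdit, err := s.canEditDashboard(snap.DashboardID, c)
	if err == nil && !canEdit && snap.OwnerUserID != c.UserID {
		return ErrForbidden
	}
	delete(s.Snapshots, key)
	return nil
}

// DeleteHardened fails closed: the snapshot must belong to the caller's
// organization, and a failed permission lookup is a denial, not a pass.
func (s *Store) DeleteHardened(key string, c Caller) error {
	snap, ok := s.Snapshots[key]
	if !ok {
		return ErrNotFound
	}
	if snap.OrgID != c.OrgID {
		return ErrForbidden
	}
	canEdit, err := s.canEditDashboard(snap.DashboardID, c)
	if err != nil {
		return ErrForbidden
	}
	if !canEdit && snap.OwnerUserID != c.UserID {
		return ErrForbidden
	}
	delete(s.Snapshots, key)
	return nil
}

// NewFixture returns constructed sample data: snapshot "abc123" created by user 1
// in organization 1 from dashboard 10, which also lives in organization 1.
func NewFixture() *Store {
	return &Store{
		Snapshots: map[string]Snapshot{
			"abc123": {Key: "abc123", OrgID: 1, OwnerUserID: 1, DashboardID: 10},
		},
		DashboardOrg: map[int64]int64{10: 1},
	}
}

func main() {
	outsider := Caller{UserID: 7, OrgID: 2} // unprivileged user in a different organization
	v := NewFixture()
	fmt.Println("vulnerable:", v.DeleteVulnerable("abc123", outsider), "| snapshots left:", len(v.Snapshots))
	h := NewFixture()
	fmt.Println("hardened:  ", h.DeleteHardened("abc123", outsider), "| snapshots left:", len(h.Snapshots))
}
```

The point to take from the two handlers is the shape of the guard, not the specific types: an authorization check that can fail with an error must deny on that error, and an object that carries an owning organization should be compared against the caller's organization before any finer-grained permission lookup is consulted.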

Key Insights

  • SVRS: 30/100, indicating a moderate risk.
  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as exploiting this vulnerability.
  • Exploit Status: No public exploit has been published.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In the Wild: This vulnerability is not known to be exploited in the wild.

Mitigation Strategies

  • Update Grafana to 9.5.18, 10.0.13, 10.1.9, 10.2.6, or 10.3.5 (or a later release in the same line).
  • Until patched, restrict DELETE requests to /api/snapshots/<key> to trusted administrators, for example at a reverse proxy in front of Grafana; the flaw is inside Grafana's own authorization check, so Grafana roles alone do not prevent it.
  • Monitor Grafana request logs for DELETE /api/snapshots/<key> requests and alert on successful deletions by users outside the organization that owns the snapshot.
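The monitoring step above can be turned into a concrete check. The following is an added example written for this page, not tooling from SOCRadar or Grafana: it parses request-log lines in the key=value style of Grafana's router logging (the exact field set is assumed; the sample lines are constructed, not real captures), picks out DELETE requests to /api/snapshots/<key>, and compares the caller's orgId against an ownership map (snapshot key to owning org) that in practice would be exported from the snapshot table. A successful cross-organization delete is the strongest signal of an unpatched instance; a rejected one is still an attempt worth triaging.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Finding is one snapshot-deletion event worth an analyst's attention.
type Finding struct {
	UserID, CallerOrg, OwnerOrg int64
	Key                         string
	Status                      int
	Reason                      string
}

// parseLogfmt splits `k=v k2="quoted v"` pairs; enough for router-logging lines.
func parseLogfmt(line string) map[string]string {
	fields := map[string]string{}
	for i := 0; i < len(line); {
		for i < len(line) && line[i] == ' ' {
			i++
		}
		eq := strings.IndexByte(line[i:], '=')
		if eq < 0 {
			break
		}
		key := line[i : i+eq]
		i += eq + 1
		var val string
		if i < len(line) && line[i] == '"' {
			end := strings.IndexByte(line[i+1:], '"')
			if end < 0 {
				val, i = line[i+1:], len(line)
			} else {
				val, i = line[i+1:i+1+end], i+end+2
			}
		} else {
			end := strings.IndexByte(line[i:], ' ')
			if end < 0 {
				val, i = line[i:], len(line)
			} else {
				val, i = line[i:i+end], i+end
			}
		}
		fields[key] = val
	}
	return fields
}

// ScanSnapshotDeletes flags DELETE /api/snapshots/<key> requests whose caller's
// organization differs from the snapshot's owning organization. ownerOrg maps
// snapshot key -> owning org ID (assumed to come from the snapshot table).
func ScanSnapshotDeletes(lines []string, ownerOrg map[string]int64) []Finding {
	var out []Finding
	for _, ln := range lines {
		f := parseLogfmt(ln)
		if f["method"] != "DELETE" || !strings.HasPrefix(f["path"], "/api/snapshots/") {
			continue
		}
		key := strings.TrimPrefix(f["path"], "/api/snapshots/")
		status, _ := strconv.Atoi(f["status"])
		uid, _ := strconv.ParseInt(f["userId"], 10, 64)
		callerOrg, _ := strconv.ParseInt(f["orgId"], 10, 64)
		owner, known := ownerOrg[key]
		if !known || owner == callerOrg {
			continue // same-org delete, or a key with no ownership record
		}
		reason := "cross-org delete attempt rejected"
		if status/100 == 2 {
			reason = "cross-org delete SUCCEEDED: instance likely unpatched for CVE-2024-1313"
		}
		out = append(out, Finding{uid, callerOrg, owner, key, status, reason})
	}
	return out
}

// SampleLines are constructed log lines in the style of Grafana's router logging
// (field names assumed), not real captures.
var SampleLines = []string{
	`logger=context userId=1 orgId=1 uname=alice t=2024-03-26T10:00:01Z level=info msg="Request Completed" method=DELETE path=/api/snapshots/abc123 status=200 remote_addr=10.0.0.5 handler=/api/snapshots/:key`,
	`logger=context userId=7 orgId=2 uname=mallory t=2024-03-26T10:00:02Z level=info msg="Request Completed" method=GET path=/api/snapshots/xyz789 status=200 remote_addr=10.0.0.9 handler=/api/snapshots/:key`,
	`logger=context userId=7 orgId=2 uname=mallory t=2024-03-26T10:00:03Z level=info msg="Request Completed" method=DELETE path=/api/snapshots/xyz789 status=200 remote_addr=10.0.0.9 handler=/api/snapshots/:key`,
	`logger=context userId=7 orgId=2 uname=mallory t=2024-03-26T10:00:04Z level=info msg="Request Completed" method=DELETE path=/api/snapshots/def456 status=403 remote_addr=10.0.0.9 handler=/api/snapshots/:key`,
}

// SampleOwners is the constructed key -> owning org lookup for the lines above.
var SampleOwners = map[string]int64{"abc123": 1, "xyz789": 1, "def456": 1}

func main() {
	for _, f := range ScanSnapshotDeletes(SampleLines, SampleOwners) {
		fmt.Printf("user=%d callerOrg=%d ownerOrg=%d key=%s status=%d: %s\n",
			f.UserID, f.CallerOrg, f.OwnerOrg, f.Key, f.Status, f.Reason)
	}
}
```

Run against the constructed input it reports two findings: the successful cross-organization delete of xyz789 and the rejected attempt on def456; the same-organization delete of abc123 and the GET are ignored. Router logging is off by default in Grafana, so the log lines this relies on exist only if request logging is enabled; without them the only record of a deletion is the snapshot's absence.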


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Exposing a New BOLA Vulnerability in Grafana
Ravid Mazon and Jay Chen2024-03-27
Unit 42 researchers discovered CVE-2024-1313, a broken object level authorization (BOLA) vulnerability in the open-source data visualization platform Grafana.
CVE-2024-1313 | Grafana up to 9.5.17/10.0.12/10.1.8/10.2.5/10.3.4 Delete Request /api/snapshots/ authorization
vuldb.com2024-05-05
A vulnerability has been found in Grafana up to 9.5.17/10.0.12/10.1.8/10.2.5/10.3.4 and classified as problematic. It affects the delete request handler for /api/snapshots/; the manipulation leads to an authorization bypass. This vulnerability was named CVE-2024-1313. The attack can

Social Media

Actively exploited CVE ID, source in the thread (generated, not vetted) CVE-2024-1313

#ThreatProtection #CVE-2024-1313 - #BOLA #vulnerability in #Grafana, read more about Symantec's protection: https://t.co/OEHUC5L7qz

Affected Software

No affected software (product/CPE) entries are recorded for this CVE; see the affected version ranges listed above.

References

Grafana security advisory: https://grafana.com/security/security-advisories/cve-2024-1313/
NetApp advisory: https://security.netapp.com/advisory/ntap-20240524-0008/

CWE Details

CWE-639: Authorization Bypass Through User-Controlled Key. The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
