CVE-2024-9476 Privilege escalation vulnerability for Organizations in Grafana

🗓️ 13 Nov 2024 16:30:54Reported by GRAFANAType

Privilege escalation vulnerability in Grafana for Organization

Reporter	Title	Published	Views	Family All 50
BDU FSTEC	The vulnerability of the application programming interface of the Grafana monitoring and observation platform’s Endpoint allows a perpetrator to escalate their privileges.	3 Oct 202400:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Expressions function on the Grafana monitoring and observation platform allows a hacker to execute arbitrary code.	21 Oct 202400:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Organizations function on the Grafana monitoring and observation platform allows a hacker to escalate their privileges.	20 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-9476	13 Nov 202418:54	–	circl
CNNVD	Grafana OSS and Enterprise 安全漏洞	13 Nov 202400:00	–	cnnvd
CVE	CVE-2024-9476	13 Nov 202416:30	–	cve
EUVD	EUVD-2024-50312	3 Oct 202520:07	–	euvd
Grafana	Privilege escalation vulnerability for Organizations in Grafana	12 Nov 202400:00	–	grafana
Tenable Nessus	Grafana Labs Privilege Escalation (CVE-2024-9476)	20 Nov 202400:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : grafana (openSUSE-SU-2026:20654-1)	2 May 202600:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "Grafana OSS and Enterprise",
    "vendor": "Grafana Labs",
    "versions": [
      {
        "lessThan": "11.3.0+security-01",
        "status": "affected",
        "version": "11.3.0",
        "versionType": "semver"
      },
      {
        "lessThan": "11.2.3+security-01",
        "status": "affected",
        "version": "11.2.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
grafana	www.grafana.com/blog/2024/11/12/grafana-security-release-medium-severity-security-fix-for-cve-2024-9476/
grafana	www.grafana.com/security/security-advisories/cve-2024-9476/

23 Nov 2025 15:33Current

CVSS 45.1

EPSS0.00016

CWE-266