CVE-2024-9476 MEDIUM

CVE-2024-9476: Privilege escalation vulnerability for Organizations in Grafana

Vendor Grafana Labs
Product Grafana OSS and Enterprise
Weakness CWE-266
Published November 13, 2024
Last update November 23, 2025

CVSS base score

5.1/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A privilege escalation vulnerability in Grafana Labs Grafana OSS and Enterprise allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant. This vulnerability only affects users who utilize the Organizations feature to isolate resources on their Grafana instance.

Key dates

02 Disclosure timeline

November 13, 2024 CVE published
November 23, 2025 Record updated

Related vulnerabilities

04 Related CVE