CVE-2024-10452
published 2024-10-29CVE-2024-10452: Organization admins can delete pending invites created in an organization they are not part of.
PriorityP49low2.7CVSS 3.1
AVNACLPRHUINSUCNILAN
EPSS
0.50%
38.8th percentile
Organization admins can delete pending invites created in an organization they are not part of.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | grafana_grafana | 0 – 10.4.0 | — |
| grafana | grafana | — | — |
CVSS provenance
nvdv3.12.7LOWCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
osv2.7LOW
vendor_redhat2.2LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
osv·2024-11-04
CVE-2024-10452 Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
OSV
CVE-2024-10452: Organization admins can delete pending invites created in an organization they are not part of
osv·2024-10-29·CVSS 2.7
CVE-2024-10452 [LOW] CVE-2024-10452: Organization admins can delete pending invites created in an organization they are not part of
Organization admins can delete pending invites created in an organization they are not part of.
GHSA
Grafana org admin can delete pending invites in different org
ghsa·2024-10-29
CVE-2024-10452 [LOW] CWE-639 Grafana org admin can delete pending invites in different org
Grafana org admin can delete pending invites in different org
Organization admins can delete pending invites created in an organization they are not part of.
OSV
Grafana org admin can delete pending invites in different org
osv·2024-10-29
CVE-2024-10452 [LOW] Grafana org admin can delete pending invites in different org
Grafana org admin can delete pending invites in different org
Organization admins can delete pending invites created in an organization they are not part of.
Red Hat
grafana: Org admin can delete pending invites in different org
vendor_redhat·2024-10-29·CVSS 2.2
CVE-2024-10452 [LOW] CWE-639 grafana: Org admin can delete pending invites in different org
grafana: Org admin can delete pending invites in different org
Organization admins can delete pending invites created in an organization they are not part of.
A flaw was found in Grafana. Organization administrators may be able to delete pending invites created in organizations they are not a part of.
Package: grafana (Red Hat Enterprise Linux 10) - Fix deferred
Package: grafana (Red Hat Enterprise Linux 8) - Fix deferred
Package: grafana (Red Hat Enterprise Linux 9) - Fix deferred
Package: grafana (Red Hat Storage 3) - Fix deferred
No detection rules found.
No public exploits indexed.
2024-10-29
Published