SysAdmin 24x7

Exposing a New BOLA Vulnerability in Grafana

Executive Summary

Unit 42 researchers have discovered a new Broken Object Level Authorization (BOLA) vulnerability that impacts Grafana versions from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5. Grafana is a popular open-source data observability and visualization platform with over 20 million users worldwide and almost 60,000 stars on GitHub.
This vulnerability, assigned as CVE-2024-1313 with a CVSS score of 6.5

https://unit42.paloaltonetworks.com/new-bola-vulnerability-grafana/

Unit 42

Exposing a New BOLA Vulnerability in Grafana

Unit 42 researchers discovered CVE-2024-1313, a broken object level authorization (BOLA) vulnerability in open-source data visualization platform Grafana.

www.tg-me.com/us/SysAdmin 24x7/com.sysadmin24x7/5716

870 viewsMar 28 at 07:57

Exposing a New BOLA Vulnerability in Grafana

Executive Summary

Unit 42 researchers have discovered a new Broken Object Level Authorization (BOLA) vulnerability that impacts Grafana versions from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5. Grafana is a popular open-source data observability and visualization platform with over 20 million users worldwide and almost 60,000 stars on GitHub.
This vulnerability, assigned as CVE-2024-1313 with a CVSS score of 6.5

https://unit42.paloaltonetworks.com/new-bola-vulnerability-grafana/

BY SysAdmin 24x7