CVE-2024-10452: Grafana org admin can delete pending invites in different org

October 29, 2024 (updated November 4, 2024)

Organization admins can delete pending invites created in an organization they are not part of.

References

github.com/advisories/GHSA-66c4-2g2v-54qw
github.com/grafana/grafana
grafana.com/security/security-advisories/cve-2024-10452
nvd.nist.gov/vuln/detail/CVE-2024-10452
www.cve.org/CVERecord?id=CVE-2024-10452

Detect and mitigate CVE-2024-10452 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →