vulnerability

Alpine Linux: CVE-2024-8118: Improper Isolation or Compartmentalization

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:M/C:P/I:P/A:P)

Published

Sep 26, 2024

Added

Oct 10, 2024

Modified

Mar 25, 2026

Description

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

Solution

alpine-linux-upgrade-grafana

References

CVE-2024-8118
https://attackerkb.com/topics/CVE-2024-8118
https://security.alpinelinux.org/vuln/CVE-2024-8118
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-48948
CWE-653
EUVD-EUVD-2024-48948

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report