Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers.
Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity.
This issue was fixed in version 1.5.2
References
Link | Resource |
---|---|
https://grafana.com/security/security-advisories/cve-2024-5526/ | Vendor Advisory |
Configurations
History
11 Jun 2024, 17:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://grafana.com/security/security-advisories/cve-2024-5526/ - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
First Time |
Grafana
Grafana oncall |
|
CPE | cpe:2.3:a:grafana:oncall:*:*:*:*:*:*:*:* | |
Summary |
|
05 Jun 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-05 12:15
Updated : 2024-06-11 17:25
NVD link : CVE-2024-5526
Mitre link : CVE-2024-5526
CVE.ORG link : CVE-2024-5526
JSON object : View
Products Affected
grafana
- oncall
CWE
CWE-918
Server-Side Request Forgery (SSRF)