CVE-2024-9476 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-9476 Interim 1 9 2025-08-06T00:59:07Z current 2024-11-15T00:59:03Z 2025-08-06T00:59:07Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-9476 A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana instance. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-updates/2025-June/040353.html E-Mail link for SUSE-SU-2025:01985-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040351.html E-Mail link for SUSE-SU-2025:01987-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040349.html E-Mail link for SUSE-SU-2025:01989-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040347.html E-Mail link for SUSE-SU-2025:01991-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3L5XBQXUNM6YDZKEI3NWZZ2KPACV7RPK/ E-Mail link for openSUSE-SU-2025:14681-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE SUSE Linux Enterprise Module for Package Hub 15 SP5 SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 SUSE Manager Client Tools 12 SUSE Manager Client Tools 15 SUSE Manager Client Tools for SLE Micro 5 SUSE Manager Proxy Module 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.5 openSUSE Leap 15.6 openSUSE Tumbleweed firewalld-prometheus-config-0.1-150000.3.62.2 golang-github-prometheus-alertmanager-0.26.0-1.31.2 golang-github-prometheus-node_exporter-1.9.1-1.36.2 golang-github-prometheus-prometheus-2.53.4-1.60.2 golang-github-prometheus-prometheus-2.53.4-150000.3.62.2 grafana grafana-11.3.2-1.1 grafana-11.5.5-1.79.2 grafana-11.5.5-150000.1.79.1 grafana-11.5.5-150200.3.72.2 prometheus-blackbox_exporter-0.26.0-1.27.1 prometheus-blackbox_exporter-0.26.0-150000.1.27.1 release-notes-susemanager-4.3.15.2-150400.3.133.1 release-notes-susemanager-4.3.15.2-150400.3.133.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS release-notes-susemanager-4.3.15.2-150400.3.133.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure release-notes-susemanager-4.3.15.2-150400.3.133.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 release-notes-susemanager-4.3.15.2-150400.3.133.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE grafana-11.5.5-150200.3.72.2 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 grafana-11.5.5-150200.3.72.2 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 golang-github-prometheus-node_exporter-1.9.1-1.36.2 as a component of SUSE Linux Enterprise Server 12 SP3-TERADATA golang-github-prometheus-node_exporter-1.9.1-1.36.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS golang-github-prometheus-node_exporter-1.9.1-1.36.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 golang-github-prometheus-alertmanager-0.26.0-1.31.2 as a component of SUSE Manager Client Tools 12 golang-github-prometheus-node_exporter-1.9.1-1.36.2 as a component of SUSE Manager Client Tools 12 golang-github-prometheus-prometheus-2.53.4-1.60.2 as a component of SUSE Manager Client Tools 12 grafana-11.5.5-1.79.2 as a component of SUSE Manager Client Tools 12 prometheus-blackbox_exporter-0.26.0-1.27.1 as a component of SUSE Manager Client Tools 12 firewalld-prometheus-config-0.1-150000.3.62.2 as a component of SUSE Manager Client Tools 15 golang-github-prometheus-prometheus-2.53.4-150000.3.62.2 as a component of SUSE Manager Client Tools 15 grafana-11.5.5-150000.1.79.1 as a component of SUSE Manager Client Tools 15 prometheus-blackbox_exporter-0.26.0-150000.1.27.1 as a component of SUSE Manager Client Tools 15 prometheus-blackbox_exporter-0.26.0-150000.1.27.1 as a component of SUSE Manager Client Tools for SLE Micro 5 prometheus-blackbox_exporter-0.26.0-150000.1.27.1 as a component of SUSE Manager Proxy Module 4.3 release-notes-susemanager-4.3.15.2-150400.3.133.1 as a component of SUSE Manager Server 4.3 grafana-11.5.5-150200.3.72.2 as a component of openSUSE Leap 15.6 prometheus-blackbox_exporter-0.26.0-150000.1.27.1 as a component of openSUSE Leap 15.6 grafana-11.3.2-1.1 as a component of openSUSE Tumbleweed grafana as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 grafana as a component of openSUSE Leap 15.5 A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana instance. CVE-2024-9476 Image SLES15-SP4-Manager-Server-4-3-BYOS:release-notes-susemanager-4.3.15.2-150400.3.133.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:release-notes-susemanager-4.3.15.2-150400.3.133.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:release-notes-susemanager-4.3.15.2-150400.3.133.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:release-notes-susemanager-4.3.15.2-150400.3.133.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-11.5.5-150200.3.72.2 SUSE Linux Enterprise Module for Package Hub 15 SP7:grafana-11.5.5-150200.3.72.2 SUSE Linux Enterprise Server 12 SP3-TERADATA:golang-github-prometheus-node_exporter-1.9.1-1.36.2 SUSE Linux Enterprise Server 12 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-1.36.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:golang-github-prometheus-node_exporter-1.9.1-1.36.2 SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.26.0-1.31.2 SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.9.1-1.36.2 SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.4-1.60.2 SUSE Manager Client Tools 12:grafana-11.5.5-1.79.2 SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.26.0-1.27.1 SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.62.2 SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.4-150000.3.62.2 SUSE Manager Client Tools 15:grafana-11.5.5-150000.1.79.1 SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.27.1 SUSE Manager Proxy Module 4.3:prometheus-blackbox_exporter-0.26.0-150000.1.27.1 SUSE Manager Server 4.3:release-notes-susemanager-4.3.15.2-150400.3.133.1 openSUSE Leap 15.6:grafana-11.5.5-150200.3.72.2 openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.27.1 openSUSE Tumbleweed:grafana-11.3.2-1.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana openSUSE Leap 15.5:grafana moderate 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N