Description
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow internal user IDs to be overridden and lead to impersonation or privilege escalation. This vulnerability applies only if all of the following conditions are met:
- `enableSCIM` feature flag set to true
- `user_sync_enabled` config option in the `[auth.scim]` block set to true
A flaw was found in Grafana. In Grafana where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId. Because Grafana maps the SCIM externalId directly to the internal user.uid, numeric values (e.g. "1") may be interpreted as internal numeric user IDs. In specific cases this could allow the newly provisioned user to be treated as an existing internal account, such as the built-in Admin, leading to potential impersonation or privilege escalation. This issue affects only deployments with SCIM enabled and configured.
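An added example in Go (not Grafana's code) showing the defensive shape of the fix described above: a provisioning hook that refuses a SCIM externalId which parses as an integer and namespaces the rest, plus an audit over an existing user table for uids that already alias another account's internal ID. The `User` type, the `scim:` prefix and the sample payloads are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// User pairs the internal numeric ID with the string uid a SCIM externalId maps onto (assumed shape).
type User struct {
	ID    int64
	UID   string
	Login string
}

// SafeUID extracts externalId from a SCIM 2.0 User payload and returns the uid to store.
// Empty values and anything that parses as an integer are refused; accepted values get a
// prefix so a stored uid can never equal a bare integer (the "scim:" prefix is assumed).
func SafeUID(body []byte) (string, error) {
	var u struct {
		ExternalID string `json:"externalId"`
	}
	if err := json.Unmarshal(body, &u); err != nil {
		return "", fmt.Errorf("invalid SCIM payload: %w", err)
	}
	if u.ExternalID == "" {
		return "", fmt.Errorf("externalId is required")
	}
	if _, err := strconv.ParseInt(u.ExternalID, 10, 64); err == nil {
		return "", fmt.Errorf("externalId %q could alias an internal user ID", u.ExternalID)
	}
	return "scim:" + u.ExternalID, nil
}

// AmbiguousUIDs audits a user table for uids that parse as an integer equal to
// another user's internal ID: accounts a vulnerable lookup could confuse.
func AmbiguousUIDs(users []User) []string {
	byID := map[int64]string{}
	for _, u := range users {
		byID[u.ID] = u.Login
	}
	var out []string
	for _, u := range users {
		n, err := strconv.ParseInt(u.UID, 10, 64)
		if login, ok := byID[n]; err == nil && ok && n != u.ID {
			out = append(out, fmt.Sprintf("%s: uid %q aliases id %d (%s)", u.Login, u.UID, n, login))
		}
	}
	return out
}
```

Run `AmbiguousUIDs` over an export of the user table on an already-provisioned instance to find accounts that were created before the validation was in place.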
Statement
No Red Hat products or offerings are affected by this vulnerability, as the version of grafana (9.x/10.x) shipped in Red Hat Enterprise Linux is not vulnerable to this CVE. The vulnerable versions listed in the CVE posting are >= 12.0.x, none of which are in Red Hat Enterprise Linux.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Multicluster Global Hub | multicluster-globalhub/multicluster-globalhub-grafana-rhel9 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel9 | Not affected | | |
| Red Hat Enterprise Linux 10 | grafana | Not affected | | |
| Red Hat Enterprise Linux 8 | grafana | Not affected | | |
| Red Hat Enterprise Linux 9 | grafana | Not affected | | |
Additional information
CVSS3: 10 (Critical)
Related vulnerabilities
Grafana Incorrect Privilege Assignment vulnerability
A vulnerability in the SCIM standard implementation of the Grafana monitoring and observability platform that allows an attacker to gain unauthorized access to the platform
CVSS3: 10 (Critical)