Vulnerability Monitor

CVE-2024-5526


Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall versions from 1.1.37 before 1.5.2 are vulnerable to Server-Side Request Forgery (SSRF) in the webhook functionality. This issue was fixed in version 1.5.2.


Published

2024-06-05T12:15:10.553

Last Modified

2024-11-21T09:47:52.290

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.7 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-918
  • Type: Primary
    CWE-918

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|------|--------|---------|---------------|-------------|
| Application | grafana | oncall | < 1.5.2 | Yes |