Red Hat Security Advisory: grafana security update
A security update for Grafana in Red Hat Enterprise Linux 8 addresses two vulnerabilities: a memory leak issue in golang-fips/openssl related to RSA encryption/decryption (CVE-2024-1394) and an authorization bypass vulnerability in Grafana itself (CVE-2024-1313). The authorization bypass vulnerability is rated as high severity by Red Hat. Updated packages are available to remediate these issues. Users of affected Red Hat Enterprise Linux 8 versions should apply the provided updates to mitigate these vulnerabilities.
AI Analysis
Technical Summary
Red Hat Product Security released an important security advisory (RHSA-2024:3265) for Grafana packages in Red Hat Enterprise Linux 8. The advisory addresses two vulnerabilities: CVE-2024-1313, an authorization bypass vulnerability in Grafana, and CVE-2024-1394, memory leaks in golang-fips/openssl during RSA payload encryption and decryption. The update fixes these issues in Grafana version 9.2.10-16.el8_10 across multiple architectures. No CVSS scores are provided in the advisory, but the authorization bypass is considered high severity. The advisory includes detailed package updates and instructions for applying the fix.
Potential Impact
The authorization bypass vulnerability (CVE-2024-1313) in Grafana could allow unauthorized users to bypass access controls, potentially exposing sensitive metrics or dashboards. The memory leak vulnerability (CVE-2024-1394) in golang-fips/openssl could lead to resource exhaustion on affected systems. Red Hat rates the overall impact as important, with the authorization bypass specifically rated high severity. There are no known exploits in the wild at the time of the advisory.
Mitigation Recommendations
Red Hat has released updated Grafana packages for Red Hat Enterprise Linux 8 that address these vulnerabilities. Users should apply the official security update as detailed in Red Hat advisory RHSA-2024:3265 and the referenced article https://access.redhat.com/articles/11258. Applying these updates will remediate both the authorization bypass and memory leak issues. No additional mitigation steps are indicated or required beyond applying the official patches.
Red Hat Security Advisory: grafana security update
Description
A security update for Grafana in Red Hat Enterprise Linux 8 addresses two vulnerabilities: a memory leak issue in golang-fips/openssl related to RSA encryption/decryption (CVE-2024-1394) and an authorization bypass vulnerability in Grafana itself (CVE-2024-1313). The authorization bypass vulnerability is rated as high severity by Red Hat. Updated packages are available to remediate these issues. Users of affected Red Hat Enterprise Linux 8 versions should apply the provided updates to mitigate these vulnerabilities.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat Product Security released an important security advisory (RHSA-2024:3265) for Grafana packages in Red Hat Enterprise Linux 8. The advisory addresses two vulnerabilities: CVE-2024-1313, an authorization bypass vulnerability in Grafana, and CVE-2024-1394, memory leaks in golang-fips/openssl during RSA payload encryption and decryption. The update fixes these issues in Grafana version 9.2.10-16.el8_10 across multiple architectures. No CVSS scores are provided in the advisory, but the authorization bypass is considered high severity. The advisory includes detailed package updates and instructions for applying the fix.
Potential Impact
The authorization bypass vulnerability (CVE-2024-1313) in Grafana could allow unauthorized users to bypass access controls, potentially exposing sensitive metrics or dashboards. The memory leak vulnerability (CVE-2024-1394) in golang-fips/openssl could lead to resource exhaustion on affected systems. Red Hat rates the overall impact as important, with the authorization bypass specifically rated high severity. There are no known exploits in the wild at the time of the advisory.
Mitigation Recommendations
Red Hat has released updated Grafana packages for Red Hat Enterprise Linux 8 that address these vulnerabilities. Users should apply the official security update as detailed in Red Hat advisory RHSA-2024:3265 and the referenced article https://access.redhat.com/articles/11258. Applying these updates will remediate both the authorization bypass and memory leak issues. No additional mitigation steps are indicated or required beyond applying the official patches.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:3265
- Cve Count
- 2
- Additional Cves
- ["CVE-2024-1394"]
- Cvss Version
- null
Threat ID: 6a19fee2e29bf47b500fe892
Added to database: 5/29/2026, 9:02:26 PM
Last enriched: 5/29/2026, 9:19:09 PM
Last updated: 5/29/2026, 10:15:51 PM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.