CVE-2024-9264

HIGH

CVSS v3

8.8

HIGH

EPSS Score

94.0%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.

Technical Details

Published
10/18/2024

Frequently Asked Questions

What is CVE-2024-9264?

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.

Is CVE-2024-9264 actively exploited?

Active exploitation of CVE-2024-9264 has not been confirmed. The EPSS score is 94.0%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-9264?

CVE-2024-9264 has a CVSS v3 base score of 8.8 (HIGH severity).

Is CVE-2024-9264 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.