Advisory on CVE-2024-9264

On October 18, 2024, Grafana Labs disclosed a vulnerability introduced in Grafana 11 that may allow attackers to execute arbitrary code on affected systems, potentially leading to complete system compromise.

This vulnerability is assigned the CVE ID CVE-2024-9264 and classified as Critical severity with a CVSS score of 9.9. For more information about the technical details of the vulnerability, refer to Grafana's official advisory.

Impacted IONOS Cloud Products

Product Ranges	Product	Impacted	Mitigated	Patch Status
Observability Products	Logging as-a Service	No	Not Applicable	Not Applicable
Observability Products	Monitoring Service	No	Not Applicable	Not Applicable

Product Ranges

Product

Impacted

Mitigated

Patch Status

Observability Products

Logging as-a Service

Not Applicable

Observability Products

Monitoring Service

Not Applicable

Risk on IONOS Cloud environment

IONOS Cloud infrastructure and services do not utilize the vulnerable version of Grafana, so they are not impacted.

What action can you take to mitigate the vulnerability?

If you are using custom images, we advise you to refer to the information provided by the Operating System (OS) vendor to address any concerns from this reported issue.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.

PreviousVulnerability Register NextAdvisory on Kubernetes Image Builder Vulnerabilities

Last updated 8 days ago