Concise Cyber


Grafana Patches Critical CVSS 10.0 Flaw (CVE-2024-5264) Enabling Account Takeover

Grafana has released security updates to address a critical vulnerability in its Enterprise version that received the maximum CVSS severity score of 10.0. The flaw, tracked as CVE-2024-5264, allows an unauthenticated attacker to take over any user account, including those with administrator privileges.

The vulnerability was discovered by security researcher Asm Safi and reported on May 24, 2024. According to Grafana’s security advisory, there is no evidence that this vulnerability has been exploited in the wild.

Vulnerability Details: CVE-2024-5264

The security flaw resides within the System for Cross-domain Identity Management (SCIM) functionality, which is exclusive to Grafana Enterprise. SCIM is used for automating user provisioning and identity management across different domains.

The core of the issue is an authentication bypass. An unauthenticated remote attacker who knows a target user’s username or email address can add their own authentication credentials, such as an OAuth token or a new password, to the target’s account. This action does not require any prior authentication, effectively allowing the attacker to hijack the account.

Impact and Mitigation Measures

The successful exploitation of CVE-2024-5264 enables an attacker to impersonate any user within the Grafana instance. Since an attacker can target an administrator account, this leads to a complete privilege escalation, granting the attacker full control over the Grafana platform.

The vulnerability affects Grafana Enterprise versions from 8.0.0 to 10.4.3. Grafana has addressed the flaw and released patches in the following versions: 11.0.0, 10.4.4, 10.3.6, and 10.2.7. Administrators of affected Grafana Enterprise instances are advised to upgrade to a patched version to mitigate the risk.
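A quick way to turn the version statement above into an actionable check is a small script that parses a Grafana version string, decides whether it falls in the affected range, and names the fixed release on the same branch. The example below is added here and is not Grafana's own tooling; the affected range and the four fixed releases are taken from the advisory text, the mapping of an unpatched 8.x/9.x/10.0/10.1 instance to the lowest fixed release above it is a choice made for this example, and the `/api/health` endpoint returning a `version` field is an assumption about Grafana's unauthenticated health API rather than something the advisory states.

```python
"""Decide whether a Grafana Enterprise version is in the range the advisory
lists as affected by CVE-2024-5264 and name the patched release to move to.
Added example, not Grafana's own code."""
import json
import re
import urllib.request

# Range and fixed releases exactly as stated in the advisory.
AFFECTED_FROM = (8, 0, 0)
AFFECTED_TO = (10, 4, 3)
FIXED_RELEASES = [(11, 0, 0), (10, 4, 4), (10, 3, 6), (10, 2, 7)]


def parse_version(text):
    """Turn '10.4.3', 'v10.4.3' or '10.4.3-pre' into a (major, minor, patch) tuple."""
    match = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if match is None:
        raise ValueError(f"unrecognised Grafana version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def fmt(version):
    return ".".join(str(part) for part in version)


def check_grafana_version(text):
    """Return (affected, recommended_release_or_None) for a version string."""
    version = parse_version(text)

    # Outside 8.0.0 .. 10.4.3 the advisory does not list the build as affected.
    if not AFFECTED_FROM <= version <= AFFECTED_TO:
        return False, None

    # A fixed release on the same major.minor branch (10.2.7, 10.3.6) sits
    # inside the numeric range, so a build at or above it is already patched.
    branch_fix = next((f for f in FIXED_RELEASES if f[:2] == version[:2]), None)
    if branch_fix is not None:
        if version >= branch_fix:
            return False, None
        return True, fmt(branch_fix)

    # Branches with no listed fix (8.x, 9.x, 10.0, 10.1): this example points
    # at the lowest fixed release above the running version.
    nearest_fix = min(f for f in FIXED_RELEASES if f > version)
    return True, fmt(nearest_fix)


def version_from_health(base_url, timeout=5):
    """Read the running version from Grafana's /api/health JSON (assumed to
    expose a 'version' field without authentication)."""
    with urllib.request.urlopen(base_url.rstrip("/") + "/api/health", timeout=timeout) as resp:
        return json.load(resp)["version"]


if __name__ == "__main__":
    # Constructed sample inputs, not observed from any real instance.
    for sample in ["10.4.3", "10.3.5", "10.2.7", "9.5.1", "v10.4.2-pre", "11.0.0", "7.5.0"]:
        affected, recommended = check_grafana_version(sample)
        status = f"AFFECTED, upgrade to {recommended}" if affected else "not in affected range"
        print(f"{sample:>12}: {status}")
```

Point `version_from_health` at an instance's base URL to feed a live version string into `check_grafana_version`; for an inventory, run it across the list of Grafana Enterprise hosts and act on every `AFFECTED` result.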

Source: https://thehackernews.com/2025/11/grafana-patches-cvss-100-scim-flaw.html