Vulnerability Details CVE-2024-9264
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.923
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 9.9
References