Grafana — CVE-2024-9264
TL;DR CVE-2024-9264 is a critical vulnerability in Grafana 11.x where the SQL Expressions feature forwards attacker-controlled SQL to a backend (DuckDB), enabling local file reads (LFI) and, in some setups, remote code execution (RCE). In many config...
Sep 17, 20254 min read13
