x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-66c4-2g2v-54qw

Advisory GHSA-66c4-2g2v-54qw references a vulnerability in the following Go modules:

Module
github.com/grafana/grafana

Description: Organization admins can delete pending invites created in an organization they are not part of.

References:

ADVISORY: https://github.com/advisories/GHSA-66c4-2g2v-54qw
ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-10452
ADVISORY: https://www.cve.org/CVERecord?id=CVE-2024-10452
WEB: https://grafana.com/security/security-advisories/cve-2024-10452

Cross references:

github.com/grafana/grafana appears in 52 other report(s):
- data/excluded/GO-2022-0259.yaml (https://github.com/golang/vulndb/issues/259) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0275.yaml (https://github.com/golang/vulndb/issues/275) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0276.yaml (https://github.com/golang/vulndb/issues/276) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0277.yaml (https://github.com/golang/vulndb/issues/277) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0296.yaml (https://github.com/golang/vulndb/issues/296) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0311.yaml (https://github.com/golang/vulndb/issues/311) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0312.yaml (https://github.com/golang/vulndb/issues/312) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0313.yaml (https://github.com/golang/vulndb/issues/313) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0753.yaml (https://github.com/golang/vulndb/issues/753) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0773.yaml (https://github.com/golang/vulndb/issues/773) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0934.yaml (https://github.com/golang/vulndb/issues/934) NOT_IMPORTABLE
- data/excluded/GO-2023-1599.yaml (https://github.com/golang/vulndb/issues/1599) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1603.yaml (https://github.com/golang/vulndb/issues/1603) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1604.yaml (https://github.com/golang/vulndb/issues/1604) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1673.yaml (https://github.com/golang/vulndb/issues/1673) NOT_A_VULNERABILITY
- data/excluded/GO-2023-1674.yaml (https://github.com/golang/vulndb/issues/1674) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1680.yaml (https://github.com/golang/vulndb/issues/1680) NOT_GO_CODE
- data/excluded/GO-2023-1843.yaml (https://github.com/golang/vulndb/issues/1843) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1844.yaml (https://github.com/golang/vulndb/issues/1844) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1856.yaml (https://github.com/golang/vulndb/issues/1856) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1875.yaml (https://github.com/golang/vulndb/issues/1875) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1964.yaml (https://github.com/golang/vulndb/issues/1964) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2120.yaml (https://github.com/golang/vulndb/issues/2120) EFFECTIVELY_PRIVATE
- data/excluded/GO-2024-2551.yaml (https://github.com/golang/vulndb/issues/2551) EFFECTIVELY_PRIVATE
- data/reports/GO-2022-0342.yaml (https://github.com/golang/vulndb/issues/342)
- data/reports/GO-2022-0707.yaml (https://github.com/golang/vulndb/issues/707)
- data/reports/GO-2024-2483.yaml (https://github.com/golang/vulndb/issues/2483)
- data/reports/GO-2024-2510.yaml (https://github.com/golang/vulndb/issues/2510)
- data/reports/GO-2024-2513.yaml (https://github.com/golang/vulndb/issues/2513)
- data/reports/GO-2024-2515.yaml (https://github.com/golang/vulndb/issues/2515)
- data/reports/GO-2024-2516.yaml (https://github.com/golang/vulndb/issues/2516)
- data/reports/GO-2024-2517.yaml (https://github.com/golang/vulndb/issues/2517)
- data/reports/GO-2024-2519.yaml (https://github.com/golang/vulndb/issues/2519)
- data/reports/GO-2024-2520.yaml (https://github.com/golang/vulndb/issues/2520)
- data/reports/GO-2024-2523.yaml (https://github.com/golang/vulndb/issues/2523)
- data/reports/GO-2024-2629.yaml (https://github.com/golang/vulndb/issues/2629)
- data/reports/GO-2024-2661.yaml (https://github.com/golang/vulndb/issues/2661)
- data/reports/GO-2024-2697.yaml (https://github.com/golang/vulndb/issues/2697)
- data/reports/GO-2024-2843.yaml (https://github.com/golang/vulndb/issues/2843)
- data/reports/GO-2024-2844.yaml (https://github.com/golang/vulndb/issues/2844)
- data/reports/GO-2024-2847.yaml (https://github.com/golang/vulndb/issues/2847)
- data/reports/GO-2024-2848.yaml (https://github.com/golang/vulndb/issues/2848)
- data/reports/GO-2024-2851.yaml (https://github.com/golang/vulndb/issues/2851)
- data/reports/GO-2024-2852.yaml (https://github.com/golang/vulndb/issues/2852)
- data/reports/GO-2024-2854.yaml (https://github.com/golang/vulndb/issues/2854)
- data/reports/GO-2024-2855.yaml (https://github.com/golang/vulndb/issues/2855)
- data/reports/GO-2024-2856.yaml (https://github.com/golang/vulndb/issues/2856)
- data/reports/GO-2024-2857.yaml (https://github.com/golang/vulndb/issues/2857)
- data/reports/GO-2024-2858.yaml (https://github.com/golang/vulndb/issues/2858)
- data/reports/GO-2024-2867.yaml (https://github.com/golang/vulndb/issues/2867)
- data/reports/GO-2024-3079.yaml (https://github.com/golang/vulndb/issues/3079)
- data/reports/GO-2024-3215.yaml (https://github.com/golang/vulndb/issues/3215)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/grafana/grafana
      vulnerable_at: 5.4.5+incompatible
summary: Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
cves:
    - CVE-2024-10452
ghsas:
    - GHSA-66c4-2g2v-54qw
references:
    - advisory: https://github.com/advisories/GHSA-66c4-2g2v-54qw
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-10452
    - advisory: https://www.cve.org/CVERecord?id=CVE-2024-10452
    - web: https://grafana.com/security/security-advisories/cve-2024-10452
source:
    id: GHSA-66c4-2g2v-54qw
    created: 2024-10-29T21:01:20.429732624Z
review_status: UNREVIEWED

golang / vulndb

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-66c4-2g2v-54qw #3240