{"id":"CVE-2024-5526","details":"Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers.\n\nGrafana OnCall versions from 1.1.37 up to, but not including, 1.5.2 are vulnerable to Server-Side Request Forgery (SSRF) in the webhook functionality.\n\nThis issue was fixed in version 1.5.2.","modified":"2026-03-14T12:40:39.612438Z","published":"2024-06-05T12:15:10.553Z","references":[{"type":"ADVISORY","url":"https://grafana.com/security/security-advisories/cve-2024-5526/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/grafana/oncall","events":[{"introduced":"b8ee428337ddf9e7e7fb271f1283bac50a0caf35"},{"fixed":"4f055680070a9a85576d44dcd1884ad0eef9e004"}],"database_specific":{"versions":[{"introduced":"1.1.37"},{"fixed":"1.5.2"}]}}],"versions":["oncall-1.1.37","oncall-1.1.38","oncall-1.1.39","oncall-1.1.40","oncall-1.1.41","oncall-1.2.1","oncall-1.2.10","oncall-1.2.11","oncall-1.2.12","oncall-1.2.13","oncall-1.2.14","oncall-1.2.15","oncall-1.2.16","oncall-1.2.17","oncall-1.2.19","oncall-1.2.2","oncall-1.2.21","oncall-1.2.22","oncall-1.2.23","oncall-1.2.24","oncall-1.2.26","oncall-1.2.27","oncall-1.2.28","oncall-1.2.3","oncall-1.2.30","oncall-1.2.31","oncall-1.2.32","oncall-1.2.33","oncall-1.2.34","oncall-1.2.35","oncall-1.2.36","oncall-1.2.4","oncall-1.2.40","oncall-1.2.41","oncall-1.2.42","oncall-1.2.44","oncall-1.2.46","oncall-1.2.5","oncall-1.2.6","oncall-1.2.7","oncall-1.2.8","oncall-1.2.9","oncall-1.3.0","oncall-1.3.1","oncall-1.3.10","oncall-1.3.100","oncall-1.3.101","oncall-1.3.102","oncall-1.3.104","oncall-1.3.105","oncall-1.3.106","oncall-1.3.108","oncall-1.3.109","oncall-1.3.11","oncall-1.3.110","oncall-1.3.111","oncall-1.3.112","oncall-1.3.113","oncall-1.3.114","oncall-1.3.115","oncall-1.3.116","oncall-1.3.117","oncall-1.3.118","oncall-1.3.12","oncall-1.3.13","oncall-1.3.14","oncall-1.3.15","oncall-1.3.17","onca
ll-1.3.18","oncall-1.3.19","oncall-1.3.2","oncall-1.3.20","oncall-1.3.21","oncall-1.3.22","oncall-1.3.23","oncall-1.3.24","oncall-1.3.25","oncall-1.3.26","oncall-1.3.27","oncall-1.3.28","oncall-1.3.29","oncall-1.3.3","oncall-1.3.30","oncall-1.3.31","oncall-1.3.32","oncall-1.3.33","oncall-1.3.34","oncall-1.3.35","oncall-1.3.37","oncall-1.3.38","oncall-1.3.39","oncall-1.3.4","oncall-1.3.41","oncall-1.3.42","oncall-1.3.43","oncall-1.3.45","oncall-1.3.5","oncall-1.3.59","oncall-1.3.6","oncall-1.3.60","oncall-1.3.61","oncall-1.3.62","oncall-1.3.63","oncall-1.3.64","oncall-1.3.7","oncall-1.3.75","oncall-1.3.76","oncall-1.3.77","oncall-1.3.78","oncall-1.3.79","oncall-1.3.8","oncall-1.3.80","oncall-1.3.81","oncall-1.3.82","oncall-1.3.83","oncall-1.3.84","oncall-1.3.85","oncall-1.3.86","oncall-1.3.9","oncall-1.3.90","oncall-1.3.91","oncall-1.3.92","oncall-1.3.93","oncall-1.3.94","oncall-1.3.95","oncall-1.3.96","oncall-1.3.97","oncall-1.3.98","oncall-1.3.99","oncall-1.4.0","oncall-1.4.1","oncall-1.4.2","oncall-1.4.3","oncall-1.4.4","oncall-1.4.5","oncall-1.4.6","oncall-1.4.7","oncall-1.5.0","oncall-1.5.1","v1.1.37","v1.1.38","v1.1.39","v1.1.40","v1.1.41","v1.2.0","v1.2.1","v1.2.10","v1.2.11","v1.2.12","v1.2.13","v1.2.14","v1.2.15","v1.2.16","v1.2.17","v1.2.18","v1.2.2","v1.2.21","v1.2.22","v1.2.23","v1.2.24","v1.2.25","v1.2.26","v1.2.27","v1.2.29","v1.2.3","v1.2.30","v1.2.32","v1.2.33","v1.2.34","v1.2.35","v1.2.36","v1.2.37","v1.2.38","v1.2.39","v1.2.4","v1.2.40","v1.2.41","v1.2.42","v1.2.43","v1.2.44","v1.2.45","v1.2.46","v1.2.5","v1.2.6","v1.2.7","v1.2.8","v1.2.9","v1.3.0","v1.3.1","v1.3.10","v1.3.100","v1.3.101","v1.3.102","v1.3.103","v1.3.104","v1.3.105","v1.3.106","v1.3.107","v1.3.108","v1.3.109","v1.3.11","v1.3.110","v1.3.111","v1.3.112","v1.3.113","v1.3.114","v1.3.115","v1.3.116","v1.3.117","v1.3.118","v1.3.12","v1.3.13","v1.3.14","v1.3.15","v1.3.16","v1.3.17","v1.3.18","v1.3.2","v1.3.20","v1.3.21","v1.3.22","v1.3.23","v1.3.24","v1.3.25","v1.3.26","v1.3.27","v1.3.28","
v1.3.29","v1.3.3","v1.3.30","v1.3.31","v1.3.32","v1.3.33","v1.3.34","v1.3.35","v1.3.36","v1.3.37","v1.3.38","v1.3.39","v1.3.4","v1.3.40","v1.3.41","v1.3.42","v1.3.43","v1.3.44","v1.3.45","v1.3.46","v1.3.47","v1.3.48","v1.3.49","v1.3.5","v1.3.50","v1.3.51","v1.3.52","v1.3.53","v1.3.54","v1.3.55","v1.3.56","v1.3.57","v1.3.58","v1.3.59","v1.3.6","v1.3.60","v1.3.61","v1.3.62","v1.3.63","v1.3.64","v1.3.65","v1.3.66","v1.3.67","v1.3.68","v1.3.69","v1.3.7","v1.3.70","v1.3.71","v1.3.72","v1.3.73","v1.3.74","v1.3.75","v1.3.76","v1.3.77","v1.3.78","v1.3.79","v1.3.8","v1.3.80","v1.3.81","v1.3.82","v1.3.83","v1.3.84","v1.3.86","v1.3.87","v1.3.88","v1.3.89","v1.3.9","v1.3.90","v1.3.91","v1.3.92","v1.3.95","v1.3.96","v1.3.97","v1.3.98","v1.3.99","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.5.0","v1.5.1","v1.x.x"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5526.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}