Grafana SCIM Provisioning User Identity Vulnerability Allowing Impersonation and Privilege Escalation

Vulnerability

A vulnerability has been identified in Grafana versions 12.x with SCIM provisioning enabled. A malicious or compromised SCIM client can provision a user whose externalId is a numeric string; because user identities are handled improperly in the SCIM user-sync path, that value can be resolved as if it were an internal Grafana user ID, so the provisioned identity collides with and overrides an existing user, potentially a more privileged one. This can lead to impersonation or privilege escalation. The issue applies only when the 'enableSCIM' feature flag is active and 'user_sync_enabled' is set to true in the SCIM authentication block; Grafana instances that do not use SCIM user sync are not affected, and the attacker must already control the SCIM client or its credentials.
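The following Python is an added illustration and is not Grafana's code, nor the actual fix. It models the failure mode described above: a SCIM client sends a user whose externalId is the numeric string "1"; a vulnerable resolver treats that string as the internal user ID and overwrites the existing user with that ID, while a hardened resolver treats externalId as an opaque value that is only ever matched against externalIds previously stored for SCIM-managed users. It also checks the two configuration preconditions. The `[feature_toggles]` and `[auth.scim]` section names, the ini layout, and all function and field names are assumptions made for this example.

```python
"""Model of the SCIM externalId / internal-ID confusion (hypothetical, not Grafana code)."""
import configparser
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed grafana.ini fragments. Section and key names are assumptions.
INI_EXPOSED = """
[feature_toggles]
enableSCIM = true

[auth.scim]
user_sync_enabled = true
"""

INI_SAFE = """
[feature_toggles]
enableSCIM = true

[auth.scim]
user_sync_enabled = false
"""


def scim_user_sync_exposed(ini_text: str) -> bool:
    """True only when both preconditions named in the advisory are present."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    toggle = cfg.getboolean("feature_toggles", "enableSCIM", fallback=False)
    sync = cfg.getboolean("auth.scim", "user_sync_enabled", fallback=False)
    return toggle and sync


@dataclass
class User:
    id: int                           # internal numeric user ID
    login: str
    is_admin: bool
    external_id: Optional[str] = None  # opaque IdP identifier; None for local accounts


@dataclass
class UserStore:
    users: Dict[int, User] = field(default_factory=dict)
    next_id: int = 1

    def create(self, login: str, is_admin: bool = False,
               external_id: Optional[str] = None) -> User:
        user = User(self.next_id, login, is_admin, external_id)
        self.users[user.id] = user
        self.next_id += 1
        return user


def provision_vulnerable(store: UserStore, scim_user: dict) -> User:
    """Vulnerable: a numeric externalId is resolved as the internal user ID."""
    ext = scim_user["externalId"]
    if ext.isdigit() and int(ext) in store.users:
        user = store.users[int(ext)]      # collides with an unrelated existing user
        user.login = scim_user["userName"]  # identity is overwritten in place
        user.external_id = ext
        return user
    return store.create(scim_user["userName"], external_id=ext)


def provision_hardened(store: UserStore, scim_user: dict) -> User:
    """Hardened: externalId is opaque and never derives an internal ID.

    A match is only made against an externalId previously stored for a
    SCIM-managed user; local accounts (external_id is None) can never be hit.
    """
    ext = scim_user["externalId"]
    for user in store.users.values():
        if user.external_id is not None and user.external_id == ext:
            user.login = scim_user["userName"]
            return user
    return store.create(scim_user["userName"], external_id=ext)


# Constructed SCIM payload from a malicious or compromised SCIM client.
ATTACK_PAYLOAD = {"userName": "attacker", "externalId": "1"}


def fresh_store() -> UserStore:
    store = UserStore()
    store.create("admin", is_admin=True)  # local admin, internal ID 1
    return store


def run_vulnerable() -> Tuple[int, str, bool]:
    user = provision_vulnerable(fresh_store(), ATTACK_PAYLOAD)
    return user.id, user.login, user.is_admin


def run_hardened() -> Tuple[int, str, bool]:
    user = provision_hardened(fresh_store(), ATTACK_PAYLOAD)
    return user.id, user.login, user.is_admin


if __name__ == "__main__":
    print("exposed config:", scim_user_sync_exposed(INI_EXPOSED))
    print("vulnerable resolver:", run_vulnerable())
    print("hardened resolver:", run_hardened())
```

With the vulnerable resolver the attacker's SCIM user lands on internal ID 1 and inherits the admin flag; with the hardened resolver it becomes a new, unprivileged user. The design point is that a SCIM externalId must never be parsed into, or compared against, the internal user ID space, and that disabling user_sync_enabled removes the precondition entirely.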

Impact

An attacker who controls or has compromised the configured SCIM client could use this vulnerability to impersonate existing Grafana users or to escalate to their privileges within Grafana.

Added: Nov 21, 2025, 4:37 PM
Updated: Nov 21, 2025, 4:37 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 5.0
exploitability: 5.2
remediation: 8.3
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.