[v10.4.x] Alerting: Fix incorrect permission on POST external rule groups endpoint [CVE-2024-8118] #93946
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport c2799b4 from #93940
What is this feature?
This route is bound to an incorrect RBAC action.
Context: https://grafana.com/blog/2024/09/26/grafana-security-release-medium-severity-fix-for-cve-2024-8118/?camp=blog&cnt=Today+we+released+Grafana&mdm=social&src=li
Fixes CVE-2024-8118
Special notes for your reviewer:
Please check that: