PT-2023-8896 · Grafana
Published 2023-10-16 · Updated 2025-06-16
| CVE | CVSS v2.0 | Severity | Vector |
| --- | --- | --- | --- |
| CVE-2023-4822 | 8.3 | High | AV:N/AC:L/Au:M/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Grafana (affected versions not specified by this entry; per the description, only instances with more than one organization are exposed)
Description
The issue affects Grafana instances that have more than one organization. A user holding the Organization Admin role in one organization can change the permissions bound to the Organization Viewer, Organization Editor and Organization Admin roles in all organizations, not only their own. Because those role definitions are shared, the Organization Admin can grant or revoke, globally, any permission they themselves hold, and so elevate their own privileges or elevate or restrict those of any other user within the organizations they already belong to. The issue does not let a user join an organization they are not a member of, nor add users to an organization they are not part of.
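A defender-side check for the behaviour described above, added here as an example and not code from the advisory or from the Grafana project: snapshot the permissions bound to the three basic roles in every organization and compare them against a stored baseline, reporting any action that has crept into Viewer or Editor. The RBAC endpoint path `/api/access-control/roles/<uid>`, the basic-role UIDs `basic_viewer`/`basic_editor`/`basic_admin`, the `X-Grafana-Org-Id` header and the response shape `permissions: [{action, scope}]` are assumptions about the Grafana API to verify on your own instance; the baseline and the sample snapshots are constructed for the offline run and cover only a handful of real action names.

```python
import json
import urllib.request
from typing import Dict, Iterable, List, Set

# Basic-role UIDs as exposed by Grafana's RBAC API (assumption; verify on your instance).
BASIC_ROLE_UIDS = ("basic_viewer", "basic_editor", "basic_admin")

# Constructed baseline: the actions each basic role is expected to carry in every org.
# A small illustrative subset of Grafana action names, not the complete list.
EXPECTED: Dict[str, Set[str]] = {
    "basic_viewer": {"dashboards:read", "folders:read", "datasources:query"},
    "basic_editor": {"dashboards:read", "dashboards:write", "folders:read",
                     "folders:write", "datasources:query"},
    "basic_admin": {"dashboards:read", "dashboards:write", "folders:read",
                    "folders:write", "datasources:query", "datasources:write",
                    "users:read", "users:write", "org.users:write", "teams:write"},
}


def fetch_role_permissions(base_url: str, token: str, org_id: int, role_uid: str) -> Set[str]:
    """Live query (assumed endpoint): return the action names bound to role_uid in org_id.

    Expects a service-account token with server-admin rights; the X-Grafana-Org-Id
    header selects the organization. Not exercised by the offline sample below.
    """
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/access-control/roles/{role_uid}",
        headers={"Authorization": f"Bearer {token}", "X-Grafana-Org-Id": str(org_id)},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        role = json.load(resp)
    return {p["action"] for p in role.get("permissions", [])}


def snapshot_all_orgs(base_url: str, token: str,
                      org_ids: Iterable[int]) -> Dict[int, Dict[str, Set[str]]]:
    """Collect basic-role permissions for every organization id (live; assumed endpoint)."""
    return {org: {uid: fetch_role_permissions(base_url, token, org, uid)
                  for uid in BASIC_ROLE_UIDS} for org in org_ids}


def audit(snapshots: Dict[int, Dict[str, Set[str]]],
          expected: Dict[str, Set[str]] = EXPECTED) -> List[dict]:
    """Compare each org's basic roles with the baseline and report every deviation.

    'added' actions on Viewer/Editor are the escalation pattern from the advisory;
    'removed' actions mean someone restricted the rights of every user in that role.
    Findings are ordered by org id, then Viewer, Editor, Admin.
    """
    findings: List[dict] = []
    for org_id in sorted(snapshots):
        roles = snapshots[org_id]
        for uid in BASIC_ROLE_UIDS:
            actual = roles.get(uid)
            if actual is None:
                findings.append({"org": org_id, "role": uid, "error": "role not returned"})
                continue
            added = sorted(actual - expected[uid])
            removed = sorted(expected[uid] - actual)
            if added or removed:
                findings.append({"org": org_id, "role": uid,
                                 "added": added, "removed": removed})
    return findings


# Constructed sample: the Viewer role has gained users:write in both organizations
# (a global role rewrite of the kind the advisory describes), and in org 2 the
# Editor role has additionally lost folders:write.
SAMPLE_SNAPSHOTS: Dict[int, Dict[str, Set[str]]] = {
    1: {
        "basic_viewer": EXPECTED["basic_viewer"] | {"users:write"},
        "basic_editor": set(EXPECTED["basic_editor"]),
        "basic_admin": set(EXPECTED["basic_admin"]),
    },
    2: {
        "basic_viewer": EXPECTED["basic_viewer"] | {"users:write"},
        "basic_editor": EXPECTED["basic_editor"] - {"folders:write"},
        "basic_admin": set(EXPECTED["basic_admin"]),
    },
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SNAPSHOTS):
        print(json.dumps(finding))
```

Because the flaw rewrites the shared role definitions in every organization at once, comparing organizations with each other will not reveal it: they all agree. The comparison has to be against a baseline captured from a known-good state (or from the vendor's documented defaults), which is why `audit` takes an explicit `expected` map rather than deriving one from the live data.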
Recommendations
At the moment, this entry has no information about a newer version that contains a fix for this vulnerability. Until a fixed build is deployed, the description supports two mitigations: grant the Organization Admin role only to accounts trusted across the whole instance (on a multi-organization deployment every Organization Admin can effectively reach every organization's role definitions), and periodically review the permissions bound to the Viewer, Editor and Admin roles in all organizations for unexpected additions or removals. Instances with a single organization are not affected as described.
Weakness Enumeration
CWE-269: Improper Privilege Management
Affected Products
Alt Linux
Grafana
Red Os