CVE-2023-4822

Summary

The vulnerability with the CVE ID name CVE-2023-4822 affects Grafana, an open-source platform for monitoring and observability. This vulnerability allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor, and Organization Admin roles in all organizations. It also enables an Organization Admin to assign or revoke any permissions they have to any user globally. However, the vulnerability does not allow a user to become a member of an organization they are not already a part of or add other users to an organization where the current user is not a member. This vulnerability has a high base severity rating and poses a potential danger to organizations using Grafana as it could lead to unauthorized elevation of privileges and manipulation of permissions within multiple organizations. Organizations using affected versions of Grafana should apply patches or updates provided by the vendor to remediate this vulnerability and enhance their security posture.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.