CVE-2023-4822

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Oct 16, 2023
Updated: Nov 4, 2023
CWE ID 269

Summary

The vulnerability with the CVE ID name CVE-2023-4822 affects Grafana, an open-source platform for monitoring and observability. This vulnerability allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor, and Organization Admin roles in all organizations. It also enables an Organization Admin to assign or revoke any permissions they have to any user globally. However, the vulnerability does not allow a user to become a member of an organization they are not already a part of or add other users to an organization where the current user is not a member. This vulnerability has a high base severity rating and poses a potential danger to organizations using Grafana as it could lead to unauthorized elevation of privileges and manipulation of permissions within multiple organizations. Organizations using affected versions of Grafana should apply patches or updates provided by the vendor to remediate this vulnerability and enhance their security posture.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-4822 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options