CVE-2023-4822

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-4822
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4822.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-4822
Aliases
Downstream
Related
Published
2023-10-16T09:15:11.687Z
Modified
2026-04-11T12:46:16.669258Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.

It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.

This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.

The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "introduced": "8.0.0"
                },
                {
                    "fixed": "9.4.16"
                },
                {
                    "introduced": "9.5.0"
                },
                {
                    "fixed": "9.5.11"
                },
                {
                    "introduced": "10.0.0"
                },
                {
                    "fixed": "10.0.7"
                },
                {
                    "introduced": "10.1.0"
                },
                {
                    "fixed": "10.1.3"
                }
            ],
            "cpe": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*"
        }
    ]
}
References

Affected packages

Git / github.com/grafana/grafana

Affected ranges

Type
GIT
Repo
https://github.com/grafana/grafana
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ac024bfca197d3965e94f29f7da2655b34caa3a4
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.1.4"
        }
    ],
    "cpe": "cpe:2.3:a:grafana:grafana:10.1.4:*:*:*:enterprise:*:*:*"
}

Affected versions

v0.*
v0.0.0-cloud
v1.*
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.6.0
v1.6.1
v1.7.0-rc1
v1.9.0
v1.9.0-rc1
v1.9.1
v10.*
v10.0.0-preview
v10.1.1
v10.1.2
v10.1.4
v2.*
v2.0.0-beta1
v2.0.0-beta3
v2.0.1
v2.0.2
v2.5.0
v2.6.0
v2.6.0-beta1
v3.*
v3.0.0-beta6
v3.0.0-beta7
v3.0.1
v3.0.2
v3.1.0-beta1
v3.2.1-test
v4.*
v4.4.0
v4.5.0
v4.5.0-beta1
v4.6.0-beta1
v5.*
v5.,2.4
v5.0.0
v5.0.0-beta1
v5.0.0-beta2
v5.0.0-beta3
v5.0.0-beta4
v5.0.0-beta5
v6.*
v6.0.0-beta1
v6.5
v8.*
v8.3.3
v8.4.0-beta1
v8.5.16
v9.*
v9.3.0-beta1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4822.json"