7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
Grafana is an open source monitoring tool from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, Prometheus, etc. A security vulnerability exists in Grafana that stems from the fact that in the affected version, when the fine-grained access control beta feature is enabled and there are multiple organizations in the Grafana instance, administrators can access users from other organizations. An attacker could exploit this vulnerability to list, add, delete, and update user roles in other organizations that do not have an organization administrator role.
CPE | Name | Operator | Version |
---|---|---|---|
Grafana Grafana >=8.0.0, | lt | 8.2.4 |
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P