A flaw was found in the Grafana enterprise package. Grafana is incorrectly assessing permissions to update global roles and role assignments, therefore, users with administrator permissions in one organization can change global role permissions and global role assignments. After successful exploitation, an attacker who has the Organization Admin role in any organization can elevate their permissions across all organizations, elevate other usersβ permissions in all organizations, or limit other usersβ permissions in all organizations.