Lucene search
K

43 matches found

Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.5 views

PT-2024-16292 · Grafana +2 · Grafana +2

Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue allows organization admins to delete pending invites created in an organization they are not part of. This can be exploited by a Grafana org admin to delete pending invites in...

9.9CVSS6.1AI score0.97781EPSS
Exploits21References103
RedHat Linux
RedHat Linux
added 2024/06/14 1:20 p.m.4 views

grafana: incorrect assessment of permissions across organizations

A flaw was found in the Grafana enterprise package. Grafana is incorrectly assessing permissions to update global roles and role assignments, therefore, users with administrator permissions in one organization can change global role permissions and global role assignments. After successful...

7.2CVSS5.8AI score0.01074EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/14 10:10 p.m.29 views

Grafana Fine-grained access control vulnerability

Impact On Nov. 2, during an internal security audit, we discovered that when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, ad...

9.1CVSS6.5AI score0.02834EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2023/11/23 4:50 a.m.76 views

CVE-2023-4822

A flaw was found in the Grafana enterprise package. Grafana is incorrectly assessing permissions to update global roles and role assignments, therefore, users with administrator permissions in one organization can change global role permissions and global role assignments. After successful...

6.7CVSS6.8AI score0.01074EPSS
Exploits0References4
Veracode
Veracode
added 2023/10/19 8:6 a.m.31 views

Improper Privilege Management

Github.com/grafana/grafana is vulnerable to Improper Privilege Management. The vulnerability impacts Grafana instances with several organizations, which allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organizatio...

7.2CVSS6.8AI score0.01074EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2023/10/18 1:3 a.m.3 views

SUSE CVE-2023-4822

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...

7.2CVSS6.8AI score0.01074EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/10/16 9:30 a.m.46 views

Grafana privilege escalation vulnerability

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and...

7.2CVSS6.6AI score0.01074EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/10/16 9:15 a.m.22 views

Design/Logic Flaw

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...

5.8CVSS6.8AI score0.01074EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/10/16 9:15 a.m.47 views

CVE-2023-4822

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...

7.2CVSS6.8AI score0.01074EPSS
Exploits0References2
OSV
OSV
added 2023/10/16 9:15 a.m.8 views

UBUNTU-CVE-2023-4822

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...

7.2CVSS7.3AI score0.01074EPSS
Exploits0References3
OSV
OSV
added 2023/10/16 8:45 a.m.4 views

CVE-2023-4822

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...

6.7CVSS5.8AI score0.01074EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/10/16 8:45 a.m.48 views

CVE-2023-4822

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...

6.7CVSS7.1AI score0.01074EPSS
Exploits0References2
CVE
CVE
added 2023/10/16 8:45 a.m.409 views

CVE-2023-4822

Grafana CVE-2023-4822 affects Grafana with multi-organization setups. A user with Organization Admin permissions in one org can change permissions for Organization Viewer/Editor/Admin across all organizations, and can assign or revoke their own permissions globally. This enables elevation of priv...

7.2CVSS6.7AI score0.01074EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.3 views

PT-2023-8896 · Grafana +2 · Grafana +2

Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue impacts Grafana instances with multiple organizations, allowing a user with Organization Admin permissions in one organization to change permissions associated with Organization...

8.3CVSS6.5AI score0.01082EPSS
Exploits0References26
ArchLinux
ArchLinux
added 2021/11/18 12:0 a.m.33 views

[ASA-202111-6] grafana: access restriction bypass

Arch Linux Security Advisory ASA-202111-6 ========================================= Severity: Medium Date : 2021-11-18 CVE-ID : CVE-2021-41244 Package : grafana Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-2559 Summary ======= The package grafana before...

9.1CVSS7AI score0.02834EPSS
Exploits0References4
Veracode
Veracode
added 2021/11/17 11:52 p.m.35 views

Privilege Escalation

github.com/grafana/grafana is vulnerable to privilege escalation. The vulnerability exists due to a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users roles in other organizations in which they are not an admin...

9.1CVSS7.7AI score0.02834EPSS
Exploits0References6Affected Software2
UbuntuCve
UbuntuCve
added 2021/11/15 8:15 p.m.28 views

CVE-2021-41244

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a...

9.1CVSS7.1AI score0.02834EPSS
Exploits0References4
Prion
Prion
added 2021/11/15 8:15 p.m.25 views

Design/Logic Flaw

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a...

6.5CVSS6.8AI score0.02834EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/11/15 8:5 p.m.32 views

CVE-2021-41244 Cross organization admin control in Grafana

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a...

9.1CVSS9.3AI score0.02834EPSS
Exploits0References4
CVE
CVE
added 2021/11/15 8:5 p.m.146 views

CVE-2021-41244

Grafana CVE-2021-41244 affects Grafana 8.0–8.2.3 when the fine-grained access control beta is enabled and multiple organizations exist. Organization Admins could list, add, remove, and update users’ roles in other organizations where they are not admins, exposing cross-organization access control...

9.1CVSS7.9AI score0.02834EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder