43 matches found
PT-2024-16292 · Grafana +2 · Grafana +2
Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue allows organization admins to delete pending invites created in an organization they are not part of. This can be exploited by a Grafana org admin to delete pending invites in...
grafana: incorrect assessment of permissions across organizations
A flaw was found in the Grafana enterprise package. Grafana is incorrectly assessing permissions to update global roles and role assignments, therefore, users with administrator permissions in one organization can change global role permissions and global role assignments. After successful...
Grafana Fine-grained access control vulnerability
Impact On Nov. 2, during an internal security audit, we discovered that when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, ad...
CVE-2023-4822
A flaw was found in the Grafana enterprise package. Grafana is incorrectly assessing permissions to update global roles and role assignments, therefore, users with administrator permissions in one organization can change global role permissions and global role assignments. After successful...
Improper Privilege Management
Github.com/grafana/grafana is vulnerable to Improper Privilege Management. The vulnerability impacts Grafana instances with several organizations, which allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organizatio...
SUSE CVE-2023-4822
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...
Grafana privilege escalation vulnerability
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and...
Design/Logic Flaw
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...
CVE-2023-4822
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...
UBUNTU-CVE-2023-4822
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...
CVE-2023-4822
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...
CVE-2023-4822
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...
CVE-2023-4822
Grafana CVE-2023-4822 affects Grafana with multi-organization setups. A user with Organization Admin permissions in one org can change permissions for Organization Viewer/Editor/Admin across all organizations, and can assign or revoke their own permissions globally. This enables elevation of priv...
PT-2023-8896 · Grafana +2 · Grafana +2
Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue impacts Grafana instances with multiple organizations, allowing a user with Organization Admin permissions in one organization to change permissions associated with Organization...
[ASA-202111-6] grafana: access restriction bypass
Arch Linux Security Advisory ASA-202111-6 ========================================= Severity: Medium Date : 2021-11-18 CVE-ID : CVE-2021-41244 Package : grafana Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-2559 Summary ======= The package grafana before...
Privilege Escalation
github.com/grafana/grafana is vulnerable to privilege escalation. The vulnerability exists due to a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users roles in other organizations in which they are not an admin...
CVE-2021-41244
Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a...
Design/Logic Flaw
Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a...
CVE-2021-41244 Cross organization admin control in Grafana
Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a...
CVE-2021-41244
Grafana CVE-2021-41244 affects Grafana 8.0–8.2.3 when the fine-grained access control beta is enabled and multiple organizations exist. Organization Admins could list, add, remove, and update users’ roles in other organizations where they are not admins, exposing cross-organization access control...