7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:M/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
18.2%
Grafana is an open-source platform for monitoring and observability. The
vulnerability impacts Grafana instances with several organizations, and
allows a user with Organization Admin permissions in one organization to
change the permissions associated with Organization Viewer, Organization
Editor and Organization Admin roles in all organizations. It also allows an
Organization Admin to assign or revoke any permissions that they have to
any user globally. This means that any Organization Admin can elevate their
own permissions in any organization that they are already a member of, or
elevate or restrict the permissions of any other user. The vulnerability
does not allow a user to become a member of an organization that they are
not already a member of, or to add any other users to an organization that
the current user is not a member of.
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:M/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
18.2%