CVE-2023-4822 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-4822 Interim 1 1 2023-10-17T23:11:34Z current 2023-10-17T23:11:34Z 2023-10-17T23:11:34Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-4822 Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Linux Enterprise Module for Package Hub 15 SP4 SUSE Linux Enterprise Module for Package Hub 15 SP5 SUSE Manager Client Tools Beta for SLE 12 SUSE Manager Client Tools Beta for SLE 15 SUSE Manager Client Tools for SLE 12 SUSE Manager Client Tools for SLE 15 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 grafana grafana as a component of HPE Helion OpenStack 8 grafana as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 grafana as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 grafana as a component of SUSE Manager Client Tools Beta for SLE 12 grafana as a component of SUSE Manager Client Tools Beta for SLE 15 grafana as a component of SUSE Manager Client Tools for SLE 12 grafana as a component of SUSE Manager Client Tools for SLE 15 grafana as a component of SUSE OpenStack Cloud 8 grafana as a component of SUSE OpenStack Cloud 9 grafana as a component of SUSE OpenStack Cloud Crowbar 8 grafana as a component of SUSE OpenStack Cloud Crowbar 9 Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of. CVE-2023-4822 HPE Helion OpenStack 8:grafana SUSE Manager Client Tools Beta for SLE 12:grafana SUSE OpenStack Cloud 8:grafana SUSE OpenStack Cloud 9:grafana SUSE OpenStack Cloud Crowbar 8:grafana SUSE OpenStack Cloud Crowbar 9:grafana SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana SUSE Manager Client Tools Beta for SLE 15:grafana SUSE Manager Client Tools for SLE 12:grafana SUSE Manager Client Tools for SLE 15:grafana moderate 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L