Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-pv34-th9b-37h6
Summary
Grafana privilege escalation vulnerability
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.

It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.

This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.

The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.
Aliases
0
alias CVE-2023-4822
1
alias GHSA-fw9c-75hh-89p6
Fixed_packages
Affected_packages
0
url pkg:rpm/redhat/ceph@2:18.2.1-194?arch=el8cp
purl pkg:rpm/redhat/ceph@2:18.2.1-194?arch=el8cp
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6smu-rrju-z7ca
1
vulnerability VCID-pv34-th9b-37h6
2
vulnerability VCID-rka6-epua-h7gz
3
vulnerability VCID-z7wb-tvk2-myhr
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph@2:18.2.1-194%3Farch=el8cp
1
url pkg:rpm/redhat/cephadm-ansible@1:3.2.0-1?arch=el9cp
purl pkg:rpm/redhat/cephadm-ansible@1:3.2.0-1?arch=el9cp
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pv34-th9b-37h6
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cephadm-ansible@1:3.2.0-1%3Farch=el9cp
2
url pkg:rpm/redhat/gperftools@1:2.7-9?arch=el8cp
purl pkg:rpm/redhat/gperftools@1:2.7-9?arch=el8cp
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pv34-th9b-37h6
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/gperftools@1:2.7-9%3Farch=el8cp
3
url pkg:rpm/redhat/libunwind@1.3.1-3?arch=el8cp
purl pkg:rpm/redhat/libunwind@1.3.1-3?arch=el8cp
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pv34-th9b-37h6
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libunwind@1.3.1-3%3Farch=el8cp
4
url pkg:rpm/redhat/oath-toolkit@2.6.2-3?arch=el8cp
purl pkg:rpm/redhat/oath-toolkit@2.6.2-3?arch=el8cp
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pv34-th9b-37h6
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/oath-toolkit@2.6.2-3%3Farch=el8cp
5
url pkg:rpm/redhat/thrift@0.13.0-2?arch=el8cp
purl pkg:rpm/redhat/thrift@0.13.0-2?arch=el8cp
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pv34-th9b-37h6
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thrift@0.13.0-2%3Farch=el8cp
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4822.json
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4822.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4822
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51557
published_at 2026-04-21T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51578
published_at 2026-04-18T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51569
published_at 2026-04-16T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51526
published_at 2026-04-13T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51538
published_at 2026-04-12T12:55:00Z
5
value 0.00281
scoring_system epss
scoring_elements 0.51559
published_at 2026-04-11T12:55:00Z
6
value 0.00281
scoring_system epss
scoring_elements 0.51463
published_at 2026-04-07T12:55:00Z
7
value 0.00281
scoring_system epss
scoring_elements 0.51517
published_at 2026-04-08T12:55:00Z
8
value 0.00281
scoring_system epss
scoring_elements 0.51504
published_at 2026-04-04T12:55:00Z
9
value 0.00281
scoring_system epss
scoring_elements 0.51476
published_at 2026-04-02T12:55:00Z
10
value 0.00281
scoring_system epss
scoring_elements 0.51515
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4822
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/grafana/grafana
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana
4
reference_url https://grafana.com/security/security-advisories/cve-2023-4822
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-16T18:09:06Z/
url https://grafana.com/security/security-advisories/cve-2023-4822
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4822
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4822
6
reference_url https://security.netapp.com/advisory/ntap-20231103-0008
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231103-0008
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2239726
reference_id 2239726
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2239726
8
reference_url https://security.netapp.com/advisory/ntap-20231103-0008/
reference_id ntap-20231103-0008
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-16T18:09:06Z/
url https://security.netapp.com/advisory/ntap-20231103-0008/
9
reference_url https://access.redhat.com/errata/RHSA-2024:3925
reference_id RHSA-2024:3925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3925
Weaknesses
0
cwe_id 269
name Improper Privilege Management
description The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pv34-th9b-37h6