{
  "document": {
    "aggregate_severity": {
      "text": "High"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/vex/2023/cve-2023-4822-els_os-almalinux9_2esu.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-05-06T20:14:20Z",
      "generator": {
        "date": "2026-05-06T20:14:20Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2023-4822-ELS_OS-ALMALINUX9.2ESU",
      "initial_release_date": "2023-10-16T09:15:00Z",
      "revision_history": [
        {
          "date": "2023-10-16T09:15:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-10-08T17:50:57Z",
          "number": "2",
          "summary": "Official Publication"
        },
        {
          "date": "2025-10-30T10:42:40Z",
          "number": "3",
          "summary": "Update document"
        },
        {
          "date": "2025-12-23T19:08:30Z",
          "number": "4",
          "summary": "Update document"
        },
        {
          "date": "2026-05-06T20:14:20Z",
          "number": "5",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "5"
    },
    "title": "Security update on CVE-2023-4822"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.2",
                "product": {
                  "name": "AlmaLinux 9.2",
                  "product_id": "AlmaLinux-9.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els14.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els14.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els14.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els14?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els12.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els12.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els12.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els12?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els13.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els13.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els13.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els13?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els11.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els11.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els11?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els14.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els14.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els14.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els12.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els12.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els12.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els13.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els13.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els13.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els11.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els11.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els11.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-4822",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "description",
          "text": "Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.\n\nIt also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.\n\nThis means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.\n\nThe vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        },
        {
          "category": "other",
          "text": "TuxCare has assessed that this vulnerability does not impact any currently supported TuxCare products. This evaluation may change as new information becomes available. For additional details regarding this vulnerability and affected products, refer to the provided references.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els11.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els12.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els13.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els14.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-4822"
        },
        {
          "category": "external",
          "summary": "https://grafana.com/security/security-advisories/cve-2023-4822",
          "url": "https://grafana.com/security/security-advisories/cve-2023-4822"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20231103-0008/",
          "url": "https://security.netapp.com/advisory/ntap-20231103-0008/"
        }
      ],
      "release_date": "2023-10-16T09:15:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els11.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els12.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els13.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els14.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        },
        {
          "category": "impact",
          "details": "Not affected: CVE-2023-4822 applies only to Grafana Enterprise instances configured with more than one organization, because the flaw is in the Enterprise RBAC logic for cross-organization role and permission updates. The distribution's grafana package is the open-source edition, which does not contain the Enterprise-only code path, and is therefore tracked as not vulnerable. Systems running this Grafana 9.0.9 package are not exposed to this issue.",
          "product_ids": [
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els11.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els12.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els13.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els14.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64"
          ]
        }
      ]
    }
  ]
}