[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-4822":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":271,"aliases":272,"duplicate_of":9,"upstream":275,"downstream":276,"duplicates":281,"related":282,"reserved_at":9,"published_at":291,"modified_at":292,"state":293,"summary":294,"references_raw":303,"kevs":331,"epss":332,"epss_history":335,"metrics":598,"affected":612},"CVE-2023-4822","Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.\n\nIt also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.\n\nThis means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.\n\nThe vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.",null,[11,264],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-269","Improper Privilege Management","The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.","weakness","Draft","Class","Medium",[20,182,260],{"id":21,"name":22,"techniques":23},"CAPEC-122","Privilege Abuse",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1548","Abuse Elevation Control Mechanism",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,61,65,69,73,77,81,85,89,94,98,103,108,112,116,120,125,129,133,137,141,146,150,154,158,162,166,170,174,178],{"id":36,"name":37,"tactic":38},"D3-CI","Configuration Inventory",{"name":39},"Model",{"id":41,"name":42,"tactic":43},"D3-AM","Access Modeling",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DI","Data Inventory",{"name":39},{"id":49,"name":50,"tactic":51},"D3-NTPM","Network Traffic Policy Mapping",{"name":39},{"id":53,"name":54,"tactic":55},"D3-AEM","Application Exception Monitoring",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SCA","System Call Analysis",{"name":56},{"id":62,"name":63,"tactic":64},"D3-SFA","System File Analysis",{"name":56},{"id":66,"name":67,"tactic":68},"D3-FA","File Analysis",{"name":56},{"id":70,"name":71,"tactic":72},"D3-FIM","File Integrity Monitoring",{"name":56},{"id":74,"name":75,"tactic":76},"D3-OPM","Operational Process Monitoring",{"name":56},{"id":78,"name":79,"tactic":80},"D3-DA","Dynamic Analysis",{"name":56},{"id":82,"name":83,"tactic":84},"D3-EFA","Emulated File Analysis",{"name":56},{"id":86,"name":87,"tactic":88},"D3-PSA","Process Spawn Analysis",{"name":56},{"id":90,"name":91,"tactic":92},"D3-FEV","File Eviction",{"name":93},"Evict",{"id":95,"name":96,"tactic":97},"D3-AL","Account Locking",{"name":93},{"id":99,"name":100,"tactic":101},"D3-DF","Decoy File",{"name":102},"Deceive",{"id":104,"name":105,"tactic":106},"D3-FE","File Encryption",{"name":107},"Harden",{"id":109,"name":110,"tactic":111},"D3-AA","Agent Authentication",{"name":107},{"id":113,"name":114,"tactic":115},"D3-CDP","Change Default Password",{"name":107},{"id":117,"name":118,"tactic":119},"D3-SCP","System Configuration Permissions",{"name":107},{"id":121,"name":122,"tactic":123},"D3-RC","Restore Configuration",{"name":124},"Restore",{"id":126,"name":127,"tactic":128},"D3-RF","Restore File",{"name":124},{"id":130,"name":131,"tactic":132},"D3-ULA","Unlock Account",{"name":124},{"id":134,"name":135,"tactic":136},"D3-RUAA","Restore User Account Access",{"name":124},{"id":138,"name":139,"tactic":140},"D3-RD","Restore Database",{"name":124},{"id":142,"name":143,"tactic":144},"D3-SCF","System Call Filtering",{"name":145},"Isolate",{"id":147,"name":148,"tactic":149},"D3-CF","Content Filtering",{"name":145},{"id":151,"name":152,"tactic":153},"D3-LFP","Local File Permissions",{"name":145},{"id":155,"name":156,"tactic":157},"D3-RFAM","Remote File Access Mediation",{"name":145},{"id":159,"name":160,"tactic":161},"D3-CQ","Content Quarantine",{"name":145},{"id":163,"name":164,"tactic":165},"D3-CM","Content Modification",{"name":145},{"id":167,"name":168,"tactic":169},"D3-UAP","User Account Permissions",{"name":145},{"id":171,"name":172,"tactic":173},"D3-EAL","Executable Allowlisting",{"name":145},{"id":175,"name":176,"tactic":177},"D3-EDL","Executable Denylisting",{"name":145},{"id":179,"name":180,"tactic":181},"D3-HBPI","Hardware-based Process Isolation",{"name":145},{"id":183,"name":33,"techniques":184},"CAPEC-233",[185],{"id":25,"name":26,"tactics":186,"countermeasures":189},[187,188],{"id":29,"name":30},{"id":32,"name":33},[190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258],{"id":36,"name":37,"tactic":191},{"name":39},{"id":41,"name":42,"tactic":193},{"name":39},{"id":45,"name":46,"tactic":195},{"name":39},{"id":49,"name":50,"tactic":197},{"name":39},{"id":53,"name":54,"tactic":199},{"name":56},{"id":58,"name":59,"tactic":201},{"name":56},{"id":62,"name":63,"tactic":203},{"name":56},{"id":66,"name":67,"tactic":205},{"name":56},{"id":70,"name":71,"tactic":207},{"name":56},{"id":74,"name":75,"tactic":209},{"name":56},{"id":78,"name":79,"tactic":211},{"name":56},{"id":82,"name":83,"tactic":213},{"name":56},{"id":86,"name":87,"tactic":215},{"name":56},{"id":90,"name":91,"tactic":217},{"name":93},{"id":95,"name":96,"tactic":219},{"name":93},{"id":99,"name":100,"tactic":221},{"name":102},{"id":104,"name":105,"tactic":223},{"name":107},{"id":109,"name":110,"tactic":225},{"name":107},{"id":113,"name":114,"tactic":227},{"name":107},{"id":117,"name":118,"tactic":229},{"name":107},{"id":121,"name":122,"tactic":231},{"name":124},{"id":126,"name":127,"tactic":233},{"name":124},{"id":130,"name":131,"tactic":235},{"name":124},{"id":134,"name":135,"tactic":237},{"name":124},{"id":138,"name":139,"tactic":239},{"name":124},{"id":142,"name":143,"tactic":241},{"name":145},{"id":147,"name":148,"tactic":243},{"name":145},{"id":151,"name":152,"tactic":245},{"name":145},{"id":155,"name":156,"tactic":247},{"name":145},{"id":159,"name":160,"tactic":249},{"name":145},{"id":163,"name":164,"tactic":251},{"name":145},{"id":167,"name":168,"tactic":253},{"name":145},{"id":171,"name":172,"tactic":255},{"name":145},{"id":175,"name":176,"tactic":257},{"name":145},{"id":179,"name":180,"tactic":259},{"name":145},{"id":261,"name":262,"techniques":263},"CAPEC-58","Restful Privilege Elevation",[],{"_key":265,"id":265,"name":266,"description":267,"type":268,"status":269,"abstraction":9,"likelihood_of_exploit":9,"capec":270},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[273,274],"GHSA-fw9c-75hh-89p6","BIT-grafana-2023-4822",[],[277,279],{"_key":278},"UBUNTU-CVE-2023-4822",{"_key":280},"RHSA-2024:3925",[],[283,285,287,289],{"_key":284},"CGA-725C-HGV7-2MM3",{"_key":286},"CGA-8PQ7-RHPC-58J2",{"_key":288},"CGA-8QP6-8X22-92QM",{"_key":290},"CGA-FH23-M5PR-J7VQ","2023-10-16T08:45:59.756Z","2026-01-30T04:55:38.864Z","Modified",{"cisa_kev":295,"cisa_ransomware":295,"cisa_vendor":9,"epss_severity":296,"epss_score":297,"severity":298,"severity_score":299,"severity_version":300,"severity_source":301,"severity_vector":302,"severity_status":293},false,"low",0.00282,"high",7.2,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",[304,312,317,322,327],{"url":305,"sources":306,"tags":309},"https://grafana.com/security/security-advisories/cve-2023-4822",[307,301,308],"cve.org","osv_go",[310,311],"Vendor Advisory","WEB",{"url":313,"sources":314,"tags":315},"https://security.netapp.com/advisory/ntap-20231103-0008/",[307,301],[316],"Third Party Advisory",{"url":318,"sources":319,"tags":320},"https://nvd.nist.gov/vuln/detail/CVE-2023-4822",[308],[321],"Advisory",{"url":323,"sources":324,"tags":325},"https://github.com/grafana/grafana",[308],[326],"PACKAGE",{"url":328,"sources":329,"tags":330},"https://security.netapp.com/advisory/ntap-20231103-0008",[308],[311],[],{"date":333,"score":297,"percentile":334},"2026-06-04",0.51808,[336,340,343,346,349,352,355,358,360,363,366,369,372,374,376,380,383,386,389,391,394,397,400,403,406,409,412,415,419,422,425,428,431,433,436,439,441,444,447,450,453,456,459,462,465,468,471,474,477,479,482,485,488,491,495,498,500,503,506,509,512,515,517,520,523,526,529,532,535,538,541,544,547,550,553,556,559,562,565,567,570,573,576,579,581,583,586,589,592,595],{"date":337,"score":338,"percentile":339},"2025-11-04",0.00453,0.62975,{"date":341,"score":338,"percentile":342},"2025-11-05",0.62958,{"date":344,"score":338,"percentile":345},"2025-11-06",0.62967,{"date":347,"score":338,"percentile":348},"2025-11-07",0.62984,{"date":350,"score":338,"percentile":351},"2025-11-08",0.62986,{"date":353,"score":338,"percentile":354},"2025-11-09",0.62981,{"date":356,"score":338,"percentile":357},"2025-11-10",0.62963,{"date":359,"score":338,"percentile":339},"2025-11-11",{"date":361,"score":338,"percentile":362},"2025-11-12",0.62997,{"date":364,"score":338,"percentile":365},"2025-11-13",0.63003,{"date":367,"score":338,"percentile":368},"2025-11-14",0.63015,{"date":370,"score":338,"percentile":371},"2025-11-15",0.63006,{"date":373,"score":338,"percentile":362},"2025-11-16",{"date":375,"score":338,"percentile":362},"2025-11-17",{"date":377,"score":378,"percentile":379},"2025-11-18",0.00289,0.49344,{"date":381,"score":378,"percentile":382},"2025-11-19",0.49359,{"date":384,"score":378,"percentile":385},"2025-11-20",0.49345,{"date":387,"score":338,"percentile":388},"2025-11-21",0.63007,{"date":390,"score":338,"percentile":368},"2025-11-22",{"date":392,"score":338,"percentile":393},"2025-11-23",0.62995,{"date":395,"score":338,"percentile":396},"2025-11-24",0.62987,{"date":398,"score":338,"percentile":399},"2025-11-25",0.62989,{"date":401,"score":338,"percentile":402},"2025-11-26",0.62993,{"date":404,"score":338,"percentile":405},"2025-11-27",0.62998,{"date":407,"score":338,"percentile":408},"2025-11-28",0.6298,{"date":410,"score":338,"percentile":411},"2025-11-29",0.62951,{"date":413,"score":338,"percentile":414},"2025-11-30",0.62942,{"date":416,"score":417,"percentile":418},"2025-12-01",0.00122,0.32026,{"date":420,"score":417,"percentile":421},"2025-12-02",0.32054,{"date":423,"score":417,"percentile":424},"2025-12-03",0.32053,{"date":426,"score":338,"percentile":427},"2025-12-04",0.62959,{"date":429,"score":338,"percentile":430},"2025-12-05",0.62972,{"date":432,"score":338,"percentile":430},"2025-12-06",{"date":434,"score":338,"percentile":435},"2025-12-07",0.62966,{"date":437,"score":338,"percentile":438},"2025-12-08",0.62973,{"date":440,"score":338,"percentile":388},"2025-12-09",{"date":442,"score":338,"percentile":443},"2025-12-10",0.63047,{"date":445,"score":338,"percentile":446},"2025-12-11",0.63062,{"date":448,"score":338,"percentile":449},"2025-12-12",0.63085,{"date":451,"score":338,"percentile":452},"2025-12-13",0.63093,{"date":454,"score":338,"percentile":455},"2025-12-14",0.63092,{"date":457,"score":338,"percentile":458},"2025-12-15",0.63083,{"date":460,"score":338,"percentile":461},"2025-12-16",0.63097,{"date":463,"score":338,"percentile":464},"2025-12-17",0.63111,{"date":466,"score":338,"percentile":467},"2025-12-18",0.63148,{"date":469,"score":338,"percentile":470},"2025-12-19",0.63164,{"date":472,"score":338,"percentile":473},"2025-12-20",0.63166,{"date":475,"score":338,"percentile":476},"2025-12-21",0.63157,{"date":478,"score":338,"percentile":467},"2025-12-22",{"date":480,"score":338,"percentile":481},"2025-12-23",0.63163,{"date":483,"score":338,"percentile":484},"2025-12-24",0.63169,{"date":486,"score":338,"percentile":487},"2025-12-25",0.63197,{"date":489,"score":338,"percentile":490},"2025-12-26",0.63195,{"date":492,"score":493,"percentile":494},"2025-12-27",0.00436,0.62478,{"date":496,"score":338,"percentile":497},"2025-12-28",0.63172,{"date":499,"score":338,"percentile":470},"2025-12-29",{"date":501,"score":338,"percentile":502},"2025-12-30",0.63178,{"date":504,"score":338,"percentile":505},"2025-12-31",0.63205,{"date":507,"score":417,"percentile":508},"2026-01-01",0.32218,{"date":510,"score":417,"percentile":511},"2026-01-02",0.32208,{"date":513,"score":417,"percentile":514},"2026-01-03",0.32188,{"date":516,"score":338,"percentile":490},"2026-01-04",{"date":518,"score":338,"percentile":519},"2026-01-05",0.63188,{"date":521,"score":338,"percentile":522},"2026-01-06",0.63185,{"date":524,"score":338,"percentile":525},"2026-01-07",0.63206,{"date":527,"score":338,"percentile":528},"2026-01-08",0.63228,{"date":530,"score":338,"percentile":531},"2026-01-09",0.63231,{"date":533,"score":338,"percentile":534},"2026-01-10",0.63225,{"date":536,"score":338,"percentile":537},"2026-01-11",0.63212,{"date":539,"score":338,"percentile":540},"2026-01-12",0.63192,{"date":542,"score":338,"percentile":543},"2026-01-13",0.6319,{"date":545,"score":338,"percentile":546},"2026-01-14",0.63233,{"date":548,"score":338,"percentile":549},"2026-01-15",0.6325,{"date":551,"score":338,"percentile":552},"2026-01-16",0.63269,{"date":554,"score":338,"percentile":555},"2026-01-17",0.63259,{"date":557,"score":338,"percentile":558},"2026-01-18",0.63247,{"date":560,"score":338,"percentile":561},"2026-01-19",0.63234,{"date":563,"score":338,"percentile":564},"2026-01-20",0.63249,{"date":566,"score":338,"percentile":549},"2026-01-21",{"date":568,"score":338,"percentile":569},"2026-01-22",0.63255,{"date":571,"score":338,"percentile":572},"2026-01-23",0.63289,{"date":574,"score":338,"percentile":575},"2026-01-24",0.63295,{"date":577,"score":338,"percentile":578},"2026-01-25",0.6326,{"date":580,"score":338,"percentile":549},"2026-01-26",{"date":582,"score":338,"percentile":578},"2026-01-27",{"date":584,"score":338,"percentile":585},"2026-01-28",0.6327,{"date":587,"score":338,"percentile":588},"2026-01-29",0.63266,{"date":590,"score":338,"percentile":591},"2026-01-30",0.63272,{"date":593,"score":338,"percentile":594},"2026-01-31",0.63276,{"date":596,"score":417,"percentile":597},"2026-02-01",0.3179,[599,606,610],{"source":307,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":600,"cvss_v4_0":9},{"baseScore":601,"baseSeverity":602,"vectorString":603,"impactScore":604,"exploitabilityScore":605},6.7,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",9.2,3.1,{"source":301,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":607,"cvss_v4_0":9},{"baseScore":299,"baseSeverity":608,"vectorString":302,"impactScore":609,"exploitabilityScore":605},"HIGH",9.8,{"source":308,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":611,"cvss_v4_0":9},{"baseScore":601,"baseSeverity":9,"vectorString":603,"impactScore":604,"exploitabilityScore":605},[613,626,649],{"ecosystem":614,"name":615,"vendor":616,"product":617,"cpe_part":9,"purl_type":618,"purl_namespace":616,"purl_name":617,"source":9,"versions":619},"Go","github.com/grafana/grafana","github.com/grafana","grafana","golang",[620],{"version":621,"is_range":622,"range_type":623,"version_start":9,"version_start_type":9,"version_end":624,"version_end_type":625,"fixed_in":9},"lte10_1_5",true,"semver","10.1.5","including",{"ecosystem":9,"name":617,"vendor":617,"product":617,"cpe_part":627,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":628},"a",[629,635,639,643,647],{"version":630,"is_range":622,"range_type":631,"version_start":632,"version_start_type":625,"version_end":633,"version_end_type":634,"fixed_in":9},"gte8.0.0_lt9.4.16","cpe","8.0.0","9.4.16","excluding",{"version":636,"is_range":622,"range_type":631,"version_start":637,"version_start_type":625,"version_end":638,"version_end_type":634,"fixed_in":9},"gte9.5.0_lt9.5.11","9.5.0","9.5.11",{"version":640,"is_range":622,"range_type":631,"version_start":641,"version_start_type":625,"version_end":642,"version_end_type":634,"fixed_in":9},"gte10.0.0_lt10.0.7","10.0.0","10.0.7",{"version":644,"is_range":622,"range_type":631,"version_start":645,"version_start_type":625,"version_end":646,"version_end_type":634,"fixed_in":9},"gte10.1.0_lt10.1.3","10.1.0","10.1.3",{"version":648,"is_range":295,"range_type":631,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.1.4",{"ecosystem":9,"name":650,"vendor":617,"product":651,"cpe_part":627,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":652},"Grafana Enterprise","grafana enterprise",[653,655,657,659],{"version":654,"is_range":622,"range_type":307,"version_start":632,"version_start_type":625,"version_end":633,"version_end_type":634,"fixed_in":9},">= 8.0.0, \u003C 9.4.16",{"version":656,"is_range":622,"range_type":307,"version_start":637,"version_start_type":625,"version_end":638,"version_end_type":634,"fixed_in":9},">= 9.5.0, \u003C 9.5.11",{"version":658,"is_range":622,"range_type":307,"version_start":641,"version_start_type":625,"version_end":642,"version_end_type":634,"fixed_in":9},">= 10.0.0, \u003C 10.0.7",{"version":660,"is_range":622,"range_type":307,"version_start":645,"version_start_type":625,"version_end":646,"version_end_type":634,"fixed_in":9},">= 10.1.0, \u003C 10.1.3"]