CVE-2023-4822 Affecting librados2 package, versions <2:18.2.1-194.el9cp


Severity

Recommended
critical

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.09% (40th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL9-LIBRADOS2-7268853
  • published19 Jun 2024
  • disclosed12 Oct 2023

Introduced: 12 Oct 2023

CVE-2023-4822  (opens in a new tab)

How to fix?

Upgrade RHEL:9 librados2 to version 2:18.2.1-194.el9cp or higher.
This issue was patched in RHSA-2024:3925.

NVD Description

Note: Versions mentioned in the description apply only to the upstream librados2 package and not the librados2 package as distributed by RHEL. See How to fix? for RHEL:9 relevant fixed versions and status.

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.

It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.

This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.

The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.

CVSS Scores

version 3.1