According to its self-reported version number, the version of Grafana Labs Enterprise edition running on the remote host is a version 8.0.0 prior to 9.4.17, 9.5.x prior to 9.5.13, 10.0.x prior to 10.0.9 or 10.1.x prior to 10.1.5. It is, therefore, affected by a security bypass vulnerability:

 - The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization    Admin permissions in one organization to change the permissions associated with Organization Viewer,    Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin    to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin    can elevate their own permissions in any organization that they are already a member of, or elevate or restrict    the permissions of any other user. The vulnerability does not allow a user to become a member of an organization    that they are not already a member of, or to add any other users to an organization that the current user is not    a member of. (CVE-2023-4822)   Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version  number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3925 advisory.

    Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable     version of the Ceph storage system with a Ceph management platform, deployment utilities, and support     services.

    These new packages include numerous enhancements, bug fixes, and known issues. Space precludes documenting     all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for     information on the most significant of these changes:

    https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/7.1/html/release_notes/index

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
184129	Grafana Labs Security Bypass (CVE-2023-4822)	Nessus	Web Servers	11/1/2023	6/19/2024	high
200554	RHEL 8 / 9 : Red Hat Ceph Storage 7.1 (RHSA-2024:3925)	Nessus	Red Hat Local Security Checks	6/14/2024	6/14/2024	critical

Detections

Analytics

Plugins Search

high

critical