CVE-2021-41244

Severity Medium
Remote Yes
Type Access restriction bypass
A security issue has been found in Grafana 8.0 before version 8.2.4. When the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, users with the Organization Admin role can list, add, remove, and update users’ roles in other organizations in which they are not an admin.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2559 | grafana | 8.2.3-1 | 8.2.4-1 | Medium | Fixed | |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 18 Nov 2021 | ASA-202111-6 | AVG-2559 | grafana | Medium | access restriction bypass |

If you cannot upgrade, you should turn off fine-grained access control using its feature flag.
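
The three conditions in the description (affected version, beta feature enabled, more than one organization) can be checked together per instance. The following is an added example, not code from this advisory or from Grafana; it assumes the toggle name `accesscontrol` and the `GF_FEATURE_TOGGLES_ENABLE` override as documented for Grafana 8.x (neither is stated on this page), and the organization count is supplied by the caller.

```python
import configparser
import re

AFFECTED_MIN = (8, 0, 0)  # "Grafana 8.0" per the advisory
FIXED = (8, 2, 4)         # first fixed version per the advisory
TOGGLE = "accesscontrol"  # assumed from Grafana 8.x docs, not from this page

# Constructed sample grafana.ini, including a key before any section header.
SAMPLE_INI = """\
app_mode = production
[feature_toggles]
; constructed sample
enable = ngalert accesscontrol
"""


def parse_version(text):
    """Return (major, minor, patch) from '8.2.3' or a package version '8.2.3-1'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def toggle_enabled(ini_text, env=None):
    """True if the toggle is listed in the ini text or in the environment override."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # grafana.ini may start with section-less keys; park them under DEFAULT.
    cp.read_string("[DEFAULT]\n" + ini_text)
    listed = cp.get("feature_toggles", "enable", fallback="")
    # An environment value, when set, replaces the ini value (even if empty).
    if env and "GF_FEATURE_TOGGLES_ENABLE" in env:
        listed = env["GF_FEATURE_TOGGLES_ENABLE"]
    return TOGGLE in re.split(r"[,\s]+", listed.strip())


def exposed(version, ini_text, org_count, env=None):
    """All three preconditions from the advisory must hold at once."""
    v = parse_version(version)
    return (AFFECTED_MIN <= v < FIXED
            and toggle_enabled(ini_text, env)
            and org_count > 1)


if __name__ == "__main__":
    print(exposed("8.2.3-1", SAMPLE_INI, org_count=2))
```
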