{
  "document": {
    "aggregate_severity": {
      "text": "Medium"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/vex/2023/cve-2023-2183-els_os-almalinux9_2esu.json"
      }
    ],
    "title": "Security update on CVE-2023-2183",
    "tracking": {
      "current_release_date": "2026-01-19T22:18:29Z",
      "generator": {
        "date": "2026-01-19T22:18:29Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2023-2183-ELS_OS-ALMALINUX9.2ESU",
      "initial_release_date": "2023-06-06T19:15:00Z",
      "revision_history": [
        {
          "date": "2023-06-06T19:15:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-10-08T17:53:35Z",
          "number": "2",
          "summary": "Official Publication"
        },
        {
          "date": "2025-10-30T10:47:49Z",
          "number": "3",
          "summary": "Update document"
        },
        {
          "date": "2025-11-29T11:37:23Z",
          "number": "4",
          "summary": "Update document"
        },
        {
          "date": "2025-12-23T19:08:30Z",
          "number": "5",
          "summary": "Update document"
        },
        {
          "date": "2026-01-19T22:18:29Z",
          "number": "6",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.2",
                "product": {
                  "name": "AlmaLinux 9.2",
                  "product_id": "AlmaLinux-9.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/grafana@9.0.9-4.el9_2.alma.1.tuxcare.els3?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-0:9.0.9-4.el9_2.alma.1.x86_64",
                "product": {
                  "name": "grafana-0:9.0.9-4.el9_2.alma.1.x86_64",
                  "product_id": "grafana-0:9.0.9-4.el9_2.alma.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/almalinux/grafana@9.0.9-4.el9_2.alma.1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:9.0.9-4.el9_2.alma.1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.x86_64"
        },
        "product_reference": "grafana-0:9.0.9-4.el9_2.alma.1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-2183",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "description",
          "text": "Grafana is an open-source platform for monitoring and observability.\n\nThe option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API, as the API does not check access to this function.\n\nThis might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, preparing phishing attacks, or blocking the SMTP server.\n\nUsers may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 or 8.5.26 to receive a fix.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64",
          "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-2183"
        },
        {
          "category": "external",
          "summary": "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3",
          "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3"
        },
        {
          "category": "external",
          "summary": "https://grafana.com/security/security-advisories/cve-2023-2183/",
          "url": "https://grafana.com/security/security-advisories/cve-2023-2183/"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20230706-0002/",
          "url": "https://security.netapp.com/advisory/ntap-20230706-0002/"
        }
      ],
      "release_date": "2023-06-06T19:15:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "Ignored due to low severity (vendor triage decision; the CVSS v3.1 base score recorded in this document is 6.4, Medium)",
          "product_ids": [
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.x86_64"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "This issue requires an authenticated Viewer account and direct API access to the Grafana endpoint, so it cannot be exploited anonymously or without prior access. The flaw only enables triggering “test” notifications to already-configured contact points and does not expose data, alter configurations, or provide privilege escalation. As the practical impact is limited to potential alert spam rather than confidentiality or integrity compromise, it is reasonable to treat this as low priority in managed enterprise deployments.",
          "product_ids": [
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els10.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els2.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els3.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:grafana-0:9.0.9-4.el9_2.alma.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}