VDB
CVE-2022-35957
CVE-2022-35957
PUBLISHED
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/
EPSS 0.88% · 75.8th percentile
Risk Scores
EPSS Score
0.88%
75.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | grafana | 0, 9.0.0, 9.1.0 |
| Bitnami | grafana | 0, 9.0.0, 9.1.0 |
Timeline
- Sep 20, 2022 CVE Published
- Sep 21, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Dec 19, 2022 EPSS Score
- Feb 2, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 19, 2023 EPSS Score
- May 3, 2023 EPSS Score
- Jun 16, 2023 EPSS Score
- Jul 31, 2023 EPSS Score
- Sep 14, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
References
- https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYU5C2RITLHVZSTCWNGQWA6KSPYNXM2H/ url
- https://security.netapp.com/advisory/ntap-20221215-0001/ url
- https://nvd.nist.gov/vuln/detail/CVE-2022-35957 url