
CVE ID: CVE-2022-35957
Description: Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the Grafana instance. All installations should be upgraded as soon as possible. As a workaround, deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/
Test IDs: 1.3.6.1.4.1.25623.1.0.822524   1.3.6.1.4.1.25623.1.0.148743  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2022-35957
https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYU5C2RITLHVZSTCWNGQWA6KSPYNXM2H/



