Grafana Privilege Escalation Vulnerability (GHSA-ff5c-938w-8c9q) CVE-2022-35957
- CVSSv3 Score
- Vulnerability description
Grafana is prone to a privilege escalation vulnerability.
- Risk description
Grafana allows an escalation from Admin privileges to Server Admin when Auth proxy authentication is used. Auth proxy allows a user to be authenticated by providing only the username (or email) in an X-WEBAUTH-USER HTTP header: the trust assumption is that a front proxy will take care of authentication and that the Grafana server is publicly reachable only through this front proxy. Datasource proxy breaks this assumption:
- it is possible to configure a fake datasource pointing to a localhost Grafana install with an X-WEBAUTH-USER HTTP header containing an admin username;
- this fake datasource can be called publicly via this proxying feature.
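As an added example that is not part of this advisory, the following Python audit walks datasource definitions (in Grafana's datasource JSON shape, with custom headers given as `jsonData.httpHeaderName<N>`) and flags any that both point at a loopback or private address and set the auth proxy header described above. The sample definitions are constructed, and the header name assumes the default `[auth.proxy] header_name`.

```python
import ipaddress
from urllib.parse import urlparse

# Header trusted by Grafana's auth proxy ([auth.proxy] header_name).
# Assumption: the default header name is in use on the audited instance.
AUTH_PROXY_HEADER = "X-WEBAUTH-USER"


def targets_internal_host(url):
    """True if the datasource URL points at loopback, private or link-local space.
    Only literal IPs and 'localhost' are checked, so the audit stays offline."""
    host = urlparse(url).hostname or ""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # unresolved hostname: not flagged by this offline check
    return ip.is_loopback or ip.is_private or ip.is_link_local


def custom_headers(ds):
    """Collect custom header names (jsonData.httpHeaderName1, httpHeaderName2, ...)."""
    json_data = ds.get("jsonData") or {}
    return [v for k, v in json_data.items() if k.startswith("httpHeaderName")]


def audit_datasource(ds):
    """Return findings for one datasource: internal target, auth proxy header, or both."""
    findings = []
    if targets_internal_host(ds.get("url", "")):
        findings.append("internal_target")
    if any(h.upper() == AUTH_PROXY_HEADER for h in custom_headers(ds)):
        findings.append("auth_proxy_header")
    if len(findings) == 2:
        # Both conditions together are the CVE-2022-35957 pattern.
        findings.append("HIGH: datasource can forward a trusted auth proxy header to Grafana")
    return findings


def audit_all(datasources):
    """Map datasource name to its findings, omitting clean datasources."""
    return {ds["name"]: audit_datasource(ds) for ds in datasources if audit_datasource(ds)}


# Constructed sample datasource definitions (not taken from a real instance).
SAMPLE_DATASOURCES = [
    {"name": "prometheus", "url": "http://prometheus.monitoring.svc:9090", "jsonData": {}},
    {"name": "metrics-copy", "url": "http://127.0.0.1:3000",
     "jsonData": {"httpHeaderName1": "X-WEBAUTH-USER"}},
    {"name": "loki-local", "url": "http://localhost:3100",
     "jsonData": {"httpHeaderName1": "X-Scope-OrgID"}},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_DATASOURCES).items():
        print(f"{name}: {', '.join(findings)}")
```

Run it against the output of the datasource API or provisioning files after upgrading to a fixed version, since a pre-existing fake datasource is not removed by the upgrade itself.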
Update to version 8.5.13, 9.0.9, 9.1.6 or later.
- Not available