6.6

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-35957

GHSA ID

GHSA-ff5c-938w-8c9q

EPSS Score

0.71715%

CWE

CWE-290

Published

5/14/2024

Updated

11/18/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-35957

CVE-2022-35957: Grafana Escalation from admin to server admin when auth proxy is used

Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy.

Release 9.1.6, latest patch, also containing security fix:

Release 9.0.9, only containing security fix:

Release 8.5.13, only containing security fix:

Appropriate patches have been applied to Grafana Cloud and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana and Azure's Grafana as a service offering.

Privilege escalation (CVE-2022-35957)

Summary

On August 9 an internal security review identified a vulnerability in the Grafana which allows an escalation from Admin privileges to Server Admin when Auth proxy authentication is used.

Auth proxy allows to authenticate a user by only providing the username (or email) in a X-WEBAUTH-USER HTTP header: the trust assumption is that a front proxy will take care of authentication and that Grafana server is publicly reachable only with this front proxy.

Miggo Vulnerability Database

→

CVE-2022-35957

CVE-2022-35957:

6.6

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-35957

GHSA ID

GHSA-ff5c-938w-8c9q

EPSS Score

0.71715%

CWE

CWE-290

Published

5/14/2024

Updated

11/18/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/grafana/grafana	go	>= 9.1.0, < 9.1.6	9.1.6
github.com/grafana/grafana	go	>= 9.0.0, < 9.0.9	9.0.9
github.com/grafana/grafana	go	< 8.5.13	8.5.13

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the datasource proxy feature improperly trusting user-controlled headers (X-WEBAUTH-USER) when making requests to localhost. The proxyRequests function is responsible for forwarding these requests and headers. Since it didn't sanitize privileged headers for internal requests, attackers could escalate privileges by configuring a malicious datasource pointing to localhost with forged auth headers. The CWE-290 classification and vulnerability description directly implicate the header handling in datasource proxy functionality.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.6

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-35957: Grafana Escalation from admin to server admin when auth proxy is used

Privilege escalation (CVE-2022-35957)

Summary

CVE-2022-35957:

6.6

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2022-35957: Grafana Escalation from admin to server admin when auth proxy is used

Privilege escalation (CVE-2022-35957)

Summary

Impacted versions

Solutions and mitigations

Timeline

Reporting security issues

Security announcements

6.6

6.6

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI