CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-35957 – Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin
https://notcve.org/view.php?id=CVE-2022-35957
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/ Grafana es una plataforma de código abierto para la monitorización y la observabilidad. Las versiones anteriores a 9.1.6 y 8.5.13, son vulnerables a una escalada de admin a server admin cuando es usado auth proxy, lo que permite a un admin tomar la cuenta de server admin y obtener el control total de la instancia de grafana. • https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYU5C2RITLHVZSTCWNGQWA6KSPYNXM2H https://security.netapp.com/advisory/ntap-20221215-0001 https://access.redhat.com/security/cve/CVE-2022-35957 https://bugzilla.redhat.com/show_bug.cgi?id=2125514 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31107 – Grafana account takeover via OAuth vulnerability
https://notcve.org/view.php?id=CVE-2022-31107
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. • https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9 https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3 https://security.netapp.com/advisory/ntap-20220901-0010 https://access.redhat.com/security/cve/CVE-2022-31107 https://bugzilla.redhat.com/show_bug.cgi?id=2104367 • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVSS: 8.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31097 – Stored XSS in Grafana's Unified Alerting
https://notcve.org/view.php?id=CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting. • https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9 https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10 https://security.netapp.com/advisory/ntap-20220901-0010 https://access.redhat.com/security/cve/CVE-2022-31097 https://bugzilla.redhat.com/show_bug.cgi?id=2104365 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-32276
https://notcve.org/view.php?id=CVE-2022-32276
Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability ** EN DISPUTA ** Grafana versión 8.4.3, permite el acceso no autenticado por medio de (por ejemplo) un URI /dashboard/snapshot/*?orgId=0. NOTA: el proveedor considera que esto es un error de la interfaz de usuario, no una vulnerabilidad • https://github.com/BrotherOfJhonny/grafana/blob/main/README.md https://github.com/grafana/grafana/issues/50336 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2022-32275
https://notcve.org/view.php?id=CVE-2022-32275
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content ** EN DISPUTA ** Grafana versión 8.4.3, permite leer archivos por medio de (por ejemplo) un /dashboard/snapshot/%7B%7Bconstructor.constructor"/. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTA: la posición del proveedor es que no hay ninguna vulnerabilidad; esta petición produce una página de error benigna, no el contenido de /etc/passwd. • https://github.com/BrotherOfJhonny/grafana https://github.com/BrotherOfJhonny/grafana/blob/main/README.md https://github.com/grafana/grafana/issues/50336 https://github.com/grafana/grafana/issues/50341#issuecomment-1155252393 https://grafana.com https://security.netapp.com/advisory/ntap-20220715-0008 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •