VYPR
High severityNVD Advisory· Published Sep 20, 2022· Updated Jan 28, 2026

Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin

CVE-2022-35957

Description

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/grafana/grafanaGo
>= 9.1.0, < 9.1.69.1.6
github.com/grafana/grafanaGo
>= 9.0.0, < 9.0.99.0.9
github.com/grafana/grafanaGo
< 8.5.138.5.13

Affected products

112

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.