Escalation from admin to server admin when auth proxy is used
CVE ID: CVE-2022-35957
Date Published: September 20, 2022
Description:
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the Grafana instance. All installations should be upgraded as soon as possible. As a workaround, deactivate auth proxy by following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/
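A triage check for this advisory, added here as an example and not taken from Grafana: it decides whether an instance is on a fixed release and, if not, whether auth proxy is switched on in `grafana.ini` or through the `GF_AUTH_PROXY_ENABLED` environment override. It assumes that 8.x releases at or above 8.5.13 and all releases at or above 9.1.6 are fixed; the function names and the sample configuration are constructed for illustration.

```python
import configparser
import re

# Fixed releases named in the advisory for CVE-2022-35957.
FIXED_9 = (9, 1, 6)
FIXED_8 = (8, 5, 13)

# Constructed sample configuration (not from a real deployment).
SAMPLE_INI = """\
app_mode = production
[auth.proxy]
;enabled = false
enabled = true
header_name = X-WEBAUTH-USER
"""

def parse_version(text):
    """Return (major, minor, patch) from strings like '9.1.5' or 'v8.5.13-pre'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_patched(version):
    """Assumption: 8.x >= 8.5.13 and anything >= 9.1.6 carries the fix."""
    v = parse_version(version)
    return v >= FIXED_8 if v[0] == 8 else v >= FIXED_9

def auth_proxy_enabled(ini_text, env=None):
    """True if [auth.proxy] enabled is on; the environment override wins."""
    env = env or {}
    # Grafana values may contain '%', and files may repeat keys.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # grafana.ini can start with keys outside any section; park them in a dummy one.
    cp.read_string("[__global__]\n" + ini_text)
    value = cp.get("auth.proxy", "enabled", fallback="false")
    value = env.get("GF_AUTH_PROXY_ENABLED", value)
    # Permissive truthy match so an unusual spelling is not read as "off".
    return value.strip().lower() in {"true", "1", "t", "yes", "y", "on"}

def assess(version, ini_text, env=None):
    """Combine both checks into a single triage verdict."""
    if is_patched(version):
        return "patched"
    if auth_proxy_enabled(ini_text, env):
        return "exposed: upgrade or disable auth proxy"
    return "unpatched, auth proxy off (workaround in place)"
```
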