blob: 44309c95da33f14207b0460ae503dc74e53d6e44 [file] [log] [blame]
id: GO-2024-2847
modules:
- module: github.com/grafana/grafana
non_go_versions:
- fixed: 8.5.13
- introduced: 9.0.0
- fixed: 9.0.9
- introduced: 9.1.0
- fixed: 9.1.6
vulnerable_at: 5.4.5+incompatible
summary: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana
cves:
- CVE-2022-35957
ghsas:
- GHSA-ff5c-938w-8c9q
unknown_aliases:
- BIT-grafana-2022-35957
references:
- advisory: https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-35957
- web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYU5C2RITLHVZSTCWNGQWA6KSPYNXM2H
- web: https://security.netapp.com/advisory/ntap-20221215-0001
source:
id: GHSA-ff5c-938w-8c9q
created: 2024-06-04T14:27:32.534925-04:00
review_status: UNREVIEWED