CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
EPSS Percentile: 68.6%
Grafana Labs reports:
On August 9 an internal security review identified a vulnerability in Grafana which allows an escalation from Admin privileges to Server Admin when Auth proxy authentication is used. Auth proxy allows authenticating a user by only providing the username (or email) in an X-WEBAUTH-USER HTTP header: the trust assumption is that a front proxy will take care of authentication and that the Grafana server is publicly reachable only through this front proxy. Datasource proxy breaks this assumption: it is possible to configure a fake datasource pointing to a localhost Grafana install with an X-WEBAUTH-USER HTTP header containing an admin username. This fake datasource can be called publicly via this proxying feature. The CVSS score for this vulnerability is 6.6 Moderate (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
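The trust break described in the report, as an added example (not Grafana's code and not from the Grafana Labs advisory): a small in-memory model of an auth proxy that trusts X-WEBAUTH-USER from a co-located front proxy, a datasource proxy that forwards whatever headers an org Admin configured, a hardened variant that strips the auth-proxy header from datasource-proxied requests, and an audit helper over datasource definitions. The class and function names, the request model, the assumption that 127.0.0.1 is a trusted auth-proxy source (front proxy on the same host), and the `jsonData.httpHeaderName<N>` shape used by the audit are mine for illustration; the real remedy is to upgrade to the fixed versions listed below.

```python
# Added example, not Grafana's code. Names, the request model and the
# 127.0.0.1-is-trusted assumption are constructed for illustration.
from dataclasses import dataclass, field
from ipaddress import ip_address
from urllib.parse import urlparse

AUTH_HEADER = "X-WEBAUTH-USER"      # header the auth proxy trusts (per the advisory)
SERVER_ADMINS = {"admin"}           # constructed user DB: only "admin" is Server Admin


@dataclass
class Request:
    client_ip: str                  # address Grafana sees the connection from
    headers: dict                   # header name -> value


@dataclass
class Datasource:
    url: str                        # where the datasource proxy forwards to
    headers: dict = field(default_factory=dict)   # custom headers set by an org Admin


def _is_loopback_target(url: str) -> bool:
    """True when the datasource URL points at the local host."""
    host = urlparse(url).hostname or ""
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


class GrafanaModel:
    """harden=False reproduces the flaw: configured headers are forwarded
    verbatim and the outbound request originates from Grafana's own host."""

    def __init__(self, trusted_proxy_ips, harden=False):
        self.trusted = set(trusted_proxy_ips)   # assumed auth-proxy source whitelist
        self.harden = harden
        self.datasources = {}

    def add_datasource(self, uid, ds: Datasource):
        # Org Admin rights suffice for this; no Server Admin needed.
        self.datasources[uid] = ds

    def authenticate(self, req: Request):
        """Auth proxy: honour AUTH_HEADER only from a trusted proxy address."""
        if req.client_ip in self.trusted and AUTH_HEADER in req.headers:
            user = req.headers[AUTH_HEADER]
            return user, user in SERVER_ADMINS
        return None, False

    def datasource_proxy(self, uid):
        """Grafana fetches the datasource server-side, so the request leaves
        from 127.0.0.1 and, for a loopback target, re-enters the auth proxy."""
        ds = self.datasources[uid]
        outbound = dict(ds.headers)
        if self.harden:
            # Never let datasource-configured headers impersonate the front proxy.
            outbound = {k: v for k, v in outbound.items() if k.upper() != AUTH_HEADER}
        if _is_loopback_target(ds.url):
            return self.authenticate(Request(client_ip="127.0.0.1", headers=outbound))
        return None, False      # external target: not the case of interest here


def demo(harden: bool):
    """Org Admin points a datasource at the local Grafana with the admin header."""
    g = GrafanaModel(trusted_proxy_ips={"127.0.0.1"}, harden=harden)
    g.add_datasource("fake", Datasource("http://127.0.0.1:3000", {AUTH_HEADER: "admin"}))
    return g.datasource_proxy("fake")


def audit_datasources(datasources: list, header_name: str = AUTH_HEADER) -> list:
    """Return names of datasources whose custom headers (assumed stored as
    jsonData.httpHeaderName<N>, as the datasource API exposes them) set the
    auth-proxy header. Run it over the output of /api/datasources."""
    flagged = []
    for ds in datasources:
        json_data = ds.get("jsonData") or {}
        names = {v.upper() for k, v in json_data.items() if k.startswith("httpHeaderName")}
        if header_name.upper() in names:
            flagged.append(ds.get("name"))
    return flagged


# Constructed sample mimicking /api/datasources output; not real data.
SAMPLE_DATASOURCES = [
    {"name": "prom", "url": "http://prometheus:9090", "jsonData": {"httpMethod": "POST"}},
    {"name": "fake", "url": "http://127.0.0.1:3000",
     "jsonData": {"httpHeaderName1": "X-WEBAUTH-USER"}},
]

if __name__ == "__main__":
    print("vulnerable:", demo(False))
    print("hardened:  ", demo(True))
    print("flagged:   ", audit_datasources(SAMPLE_DATASOURCES))
```

Two caveats on the design: blocking loopback URLs alone is a weak fix, because the attacker can point the datasource at the host's public address or DNS name instead, which is why the hardened branch strips the header rather than filtering targets; and the audit only sees the header name, since the datasource API does not return the secure header value, so any datasource carrying the auth-proxy header name is worth inspecting regardless of its URL.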
OS | OS Version | Architecture | Package | Affected Package Versions | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | grafana | >= 2.1.0, < 8.5.13 | UNKNOWN |
FreeBSD | any | noarch | grafana7 | >= 7.0 | UNKNOWN |
FreeBSD | any | noarch | grafana8 | >= 8.0.0, < 8.5.13 | UNKNOWN |
FreeBSD | any | noarch | grafana9 | >= 9.0.0, < 9.0.9 | UNKNOWN |