Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAE41BFA5BE33CC7F7914EC1DB86EFCE24C106A99929781E4838260AB898CA960
HistoryNov 01, 2023 - 7:47 p.m.

Security Bulletin: IBM Storage Ceph is vulnerable to authentication bypass by spoofing in Grafana (CVE-2022-35957)

2023-11-0119:47:15
www.ibm.com
14
ibm storage ceph
authentication bypass
grafana
cve-2022-35957
vulnerability
elevated privileges
server admin account
full control
upgrade
ibm storage ceph 6.1

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

68.6%

JSON

Summary

Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-35957

Vulnerability Details

CVEID:CVE-2022-35957
**DESCRIPTION:**Grafana could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to take over the server admin account and gain full control of the Grafana instance.
CVSS Base score: 6.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236783 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Storage Ceph <6.1
IBM Storage Ceph 5.3z1-z4

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.
Download the latest version of IBM Storage Ceph and upgrade to 6.1 by following instructions.

<https://public.dhe.ibm.com/ibmdl/export/pub/storage/ceph/&gt;
<https://www.ibm.com/docs/en/storage-ceph/6?topic=upgrading&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmstorage_cephMatch5.3
OR
ibmstorage_cephMatch1
OR
ibmstorage_cephMatch4
VendorProductVersionCPE
ibmstorage_ceph5.3cpe:2.3:a:ibm:storage_ceph:5.3:*:*:*:*:*:*:*
ibmstorage_ceph1cpe:2.3:a:ibm:storage_ceph:1:*:*:*:*:*:*:*
ibmstorage_ceph4cpe:2.3:a:ibm:storage_ceph:4:*:*:*:*:*:*:*

Related

osv 7
cgr 1
openvas 4
cvelist 1
cve 1
github 1
ubuntucve 1
prion 1
fedora 1
veracode 1
nessus 9
alpinelinux 1
nvd 1
redhatcve 1
freebsd 1
almalinux 1
redhat 2
oraclelinux 1
altlinux 1
redos 1
ibm 1
osv
osv
CVE-2022-35957
2022-09-20 23:15:09
Grafana Escalation from admin to server admin when auth proxy is used
2024-05-14 22:25:56
Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana
2024-06-05 15:10:42
cgr
cgr
CVE-2022-35957 vulnerabilities
2024-05-19 03:07:16
openvas
openvas
Fedora: Security Advisory for grafana (FEDORA-2022-2eb4418018)
2022-09-27 00:00:00
Grafana Privilege Escalation Vulnerability (GHSA-ff5c-938w-8c9q)
2022-09-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4428-1)
2022-12-14 00:00:00
cvelist
cvelist
CVE-2022-35957 Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin
2022-09-20 00:00:00
cve
cve
CVE-2022-35957
2022-09-20 23:15:09
github
github
Grafana Escalation from admin to server admin when auth proxy is used
2024-05-14 22:25:56
ubuntucve
ubuntucve
CVE-2022-35957
2022-09-20 00:00:00
prion
prion
Design/Logic Flaw
2022-09-20 23:15:00
fedora
fedora
[SECURITY] Fedora 37 Update: grafana-9.0.9-1.fc37
2022-09-27 00:16:46
veracode
veracode
Privilege Escalation
2022-09-21 07:49:44
nessus
nessus
FreeBSD : Grafana -- Privilege escalation (95e6e6ca-3986-11ed-8e0c-6c3be5272acd)
2022-09-21 00:00:00
RHEL 9 : grafana (RHSA-2023:2167)
2023-05-13 00:00:00
AlmaLinux 9 : grafana (ALSA-2023:2167)
2023-05-14 00:00:00
alpinelinux
alpinelinux
CVE-2022-35957
2022-09-20 23:15:09
nvd
nvd
CVE-2022-35957
2022-09-20 23:15:09
redhatcve
redhatcve
CVE-2022-35957
2022-09-21 05:18:49
freebsd
freebsd
Grafana -- Privilege escalation
2022-08-09 00:00:00
almalinux
almalinux
Moderate: grafana security and enhancement update
2023-05-09 00:00:00
redhat
redhat
(RHSA-2023:2167) Moderate: grafana security and enhancement update
2023-05-09 05:02:10
(RHSA-2023:3642) Important: Red Hat Ceph Storage 6.1 Container security and bug fix update
2023-06-15 15:57:53
oraclelinux
oraclelinux
grafana security and enhancement update
2023-05-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1
2023-01-31 00:00:00
redos
redos
ROS-20240404-01
2024-04-04 00:00:00
ibm
ibm
Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data is affected by multiple vulnerabilities in Grafana
2023-11-17 16:01:52

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

68.6%

JSON
Related for AE41BFA5BE33CC7F7914EC1DB86EFCE24C106A99929781E4838260AB898CA960
osv7cgr1openvas4cvelist1cve1github1ubuntucve1prion1fedora1veracode1nessus9alpinelinux1nvd1redhatcve1freebsd1almalinux1redhat2oraclelinux1altlinux1redos1ibm1