Wiz
Vulnerability DatabaseCVE-2022-31107

CVE-2022-31107
Grafana vulnerability analysis and mitigation

Overview

CVE-2022-31107 is a high severity OAuth account takeover vulnerability affecting Grafana versions prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10. The vulnerability was discovered on June 27, 2022, by the HTTPVoid team and disclosed to Grafana Labs. It affects all Grafana versions from 5.3 onwards (GitHub Security Advisory).

Technical details

The vulnerability allows a malicious user who has authorization to log into a Grafana instance via a configured OAuth Identity Provider (IdP) to potentially take over an existing Grafana account under certain conditions. The vulnerability has been assigned a CVSS score of 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L) indicating high severity (GitHub Security Advisory).

Impact

Successful exploitation of this vulnerability could lead to account takeover, allowing unauthorized access to sensitive information, addition or modification of data, and potential service disruption (NetApp Security).

Mitigation and workarounds

The primary mitigation is to upgrade to the patched versions: Grafana 9.0.3, 8.5.9, 8.4.10, or 8.3.10. As a workaround, administrators can either disable OAuth login or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address (GitHub Security Advisory).

Additional resources

SourceThis report was generated using AI

Related Grafana vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-15284HIGH8.7
  • JavaScriptJavaScript
  • renovate
NoYesDec 29, 2025
CVE-2026-22610HIGH8.5
  • JavaScriptJavaScript
  • firefox
NoYesJan 10, 2026
CVE-2026-22029HIGH8
  • JavaScriptJavaScript
  • grafana
NoYesJan 10, 2026
CVE-2025-68429HIGH7.3
  • JavaScriptJavaScript
  • grafana
NoYesDec 17, 2025
CVE-2025-14505MEDIUM5.6
  • JavaScriptJavaScript
  • grafana-postgres
NoNoJan 08, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo