CVE-2022-35957: 
Grafana vulnerability analysis and mitigation

CVE-2022-35957 affects Grafana, an open-source platform for monitoring and observability. The vulnerability was discovered on August 9, 2022, and affects versions prior to 9.1.6 and 8.5.13. This security issue allows for privilege escalation from admin to server admin when the auth proxy authentication feature is used (GitHub Advisory).

The vulnerability occurs when auth proxy authentication is used, which allows user authentication by only providing the username or email in an X-WEBAUTH-USER HTTP header. The trust assumption is broken through the datasource proxy feature, where it's possible to configure a fake datasource pointing to a localhost Grafana install with an X-WEBAUTH-USER HTTP header containing admin username. This fake datasource can be called publicly via the proxying feature. The vulnerability has been assigned a CVSS v3.1 score of 6.6 (Moderate) with the vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H (GitHub Advisory).

Successful exploitation of this vulnerability could lead to privilege escalation, allowing an admin user to gain server admin privileges. This could potentially result in unauthorized access to sensitive information, system configuration changes, and full control over the Grafana instance (NetApp Security).

The primary mitigation is to upgrade to the patched versions: Grafana 9.1.6, 9.0.9, or 8.5.13. If immediate upgrading is not possible, administrators can alternatively deactivate the auth proxy feature as a temporary workaround. Grafana Cloud instances have already been patched, and cloud providers offering Grafana Pro, including Amazon Managed Grafana and Azure's Grafana service, have confirmed their offerings are secure (GitHub Advisory).