{"id":"GO-2024-2847","summary":"Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana","details":"Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/grafana/grafana before v8.5.13, from v9.0.0 before v9.0.9, from v9.1.0 before v9.1.6.","aliases":["BIT-grafana-2022-35957","CVE-2022-35957","GHSA-ff5c-938w-8c9q"],"modified":"2026-03-17T04:53:15.467132Z","published":"2024-06-05T15:10:42Z","related":["CGA-5ggq-2mjf-8mqx"],"database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2024-2847"},"references":[{"type":"ADVISORY","url":"https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35957"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYU5C2RITLHVZSTCWNGQWA6KSPYNXM2H"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20221215-0001"}],"affected":[{"package":{"name":"github.com/grafana/grafana","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/grafana"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"custom_ranges":[{"events":[{"introduced":"0"},{"fixed":"8.5.13"},{"introduced":"9.0.0"},{"fixed":"9.0.9"},{"introduced":"9.1.0"},{"fixed":"9.1.6"}],"type":"ECOSYSTEM"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-2847.json"}}],"schema_version":"1.7.5"}