How severe is CVE-2022-35957?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.6 out of 10.

What type of vulnerability is CVE-2022-35957?

This is classified as CWE-290, which is a common weakness in software security.

CVE-2022-35957 - MEDIUM Severity | CVSS 6.6

Vulnerability Description

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/

Related Vulnerabilities

CVE-2023-41329

MEDIUM

CVSS:6.6(Medium)

WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specifi...

CWE-2902023

CVE-2024-36557

MEDIUM

CVSS:6.6(Medium)

The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b...

CWE-2902024

CVE-2017-12095

MEDIUM

CVSS:6.5(Medium)

An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default crede...

CWE-2902017

CVE-2017-12096

MEDIUM

CVSS:6.5(Medium)

An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted net...

CWE-2902017

CVE-2019-10875

MEDIUM

CVSS:6.5(Medium)

A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query paramet...

CWE-2902019

CVE-2019-13709

MEDIUM

CVSS:6.5(Medium)

Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

CWE-2902019