cve-2022-31107
Vulnerability from cvelistv5
Published
2022-07-15 12:30
Modified
2024-08-03 07:11
Summary
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:11:38.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220901-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grafana",
          "vendor": "grafana",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.3, \u003c 8.3.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0, \u003c 8.4.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0, \u003c 8.5.9"
            },
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c 9.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user\u0027s external user id is not already associated with an account in Grafana, the malicious user\u0027s email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user\u0027s Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-01T13:06:35",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220901-0010/"
        }
      ],
      "source": {
        "advisory": "GHSA-mx47-6497-3fv2",
        "discovery": "UNKNOWN"
      },
      "title": "Grafana account takeover via OAuth vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31107",
          "STATE": "PUBLIC",
          "TITLE": "Grafana account takeover via OAuth vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grafana",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 5.3, \u003c 8.3.10"
                          },
                          {
                            "version_value": "\u003e= 8.4.0, \u003c 8.4.10"
                          },
                          {
                            "version_value": "\u003e= 8.5.0, \u003c 8.5.9"
                          },
                          {
                            "version_value": "\u003e= 9.0.0, \u003c 9.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "grafana"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user\u0027s external user id is not already associated with an account in Grafana, the malicious user\u0027s email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user\u0027s Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863: Incorrect Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/",
              "refsource": "MISC",
              "url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/"
            },
            {
              "name": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2",
              "refsource": "CONFIRM",
              "url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
            },
            {
              "name": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/",
              "refsource": "MISC",
              "url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/"
            },
            {
              "name": "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/",
              "refsource": "MISC",
              "url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220901-0010/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220901-0010/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-mx47-6497-3fv2",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31107",
    "datePublished": "2022-07-15T12:30:14",
    "dateReserved": "2022-05-18T00:00:00",
    "dateUpdated": "2024-08-03T07:11:38.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-31107\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-07-15T13:15:08.397\",\"lastModified\":\"2024-11-21T07:03:54.563\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user\u0027s external user id is not already associated with an account in Grafana, the malicious user\u0027s email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user\u0027s Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.\"},{\"lang\":\"es\",\"value\":\"Grafana es una plataforma de c\u00f3digo abierto para la monitorizaci\u00f3n y la observaci\u00f3n. En versiones 5.3 hasta 9.0.3, 8.5.9, 8.4.10 y 8.3.10, es posible que un usuario malicioso que tenga autorizaci\u00f3n para iniciar sesi\u00f3n en una instancia de Grafana por medio de un IdP de OAuth configurado que proporcione un nombre de inicio de sesi\u00f3n, tome la cuenta de otro usuario en esa instancia de Grafana. Esto puede ocurrir cuando el usuario malicioso est\u00e1 autorizado a iniciar sesi\u00f3n en Grafana por medio de OAuth, el id de usuario externo del usuario malicioso no est\u00e1 ya asociado a una cuenta en Grafana, la direcci\u00f3n de correo electr\u00f3nico del usuario malicioso no est\u00e1 ya asociada a una cuenta en Grafana, y el usuario malicioso conoce el nombre de usuario de Grafana del usuario objetivo. Si son cumplidas estas condiciones, el usuario malicioso puede establecer su nombre de usuario en el proveedor OAuth al del usuario objetivo, y luego pasar por el flujo OAuth para iniciar sesi\u00f3n en Grafana. Debido a la forma en que las cuentas de usuario externas e internas est\u00e1n vinculadas durante el inicio de sesi\u00f3n, si las condiciones anteriores son cumplidas, el usuario malicioso podr\u00e1 iniciar sesi\u00f3n en la cuenta de Grafana del usuario objetivo. Las versiones 9.0.3, 8.5.9, 8.4.10 y 8.3.10 contienen un parche para este problema. Como mitigaci\u00f3n, los usuarios afectados pueden deshabilitar el inicio de sesi\u00f3n de OAuth en su instancia de Grafana, o asegurarse de que todos los usuarios autorizados a iniciar sesi\u00f3n por medio de OAuth presentan una cuenta de usuario correspondiente en Grafana vinculada a su direcci\u00f3n de correo electr\u00f3nico\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3.0\",\"versionEndExcluding\":\"8.3.10\",\"matchCriteriaId\":\"84AA9DAD-BDBD-402E-B680-250A7295B57E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.4.0\",\"versionEndExcluding\":\"8.4.10\",\"matchCriteriaId\":\"A5136FB0-D7F8-4BDD-9C70-CB2648065A1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndExcluding\":\"8.5.9\",\"matchCriteriaId\":\"7C2FAADE-D9EA-431C-ACFA-9F846F14B5A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.3\",\"matchCriteriaId\":\"A29E8B3E-D3A9-49A4-ABCD-4E87F8B527DD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B8DB06-590A-4008-B0AB-FCD1401C77C6\"}]}]}],\"references\":[{\"url\":\"https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220901-0010/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220901-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.