The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode.
References
Link | Resource |
---|---|
https://grafana.com/docs/enterprise-logs/latest/gel-releases/#v121----may-3-2022 | Release Notes Vendor Advisory |
https://security.netapp.com/advisory/ntap-20220707-0004/ | Third Party Advisory |
History
07 Oct 2022, 15:45
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220707-0004/ - Third Party Advisory |
07 Jul 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Jun 2022, 16:24
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 | |
References | (CONFIRM) https://grafana.com/docs/enterprise-logs/latest/gel-releases/#v121----may-3-2022 - Release Notes, Vendor Advisory | |
First Time | Grafana, Grafana grafana | |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* cpe:2.3:a:grafana:grafana:1.3.0:*:*:*:enterprise:*:*:* | |
CVSS | v2 : v3 : | v2 : 7.5, v3 : 9.8 |
20 May 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-20 15:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-28660
Mitre link : CVE-2022-28660
CVE.ORG link : CVE-2022-28660
Products Affected
grafana
- grafana
CWE
CWE-306
Missing Authentication for Critical Function