Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and earlier than 9.2.4 contain a race condition in the authentication middleware logic, which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds.
References
Link | Resource |
---|---|
https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20221215-0003/ | Third Party Advisory |
History
16 Feb 2023, 03:14
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221215-0003/ - Third Party Advisory | |
References | (CONFIRM) https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch - Vendor Advisory |
15 Dec 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
09 Nov 2022, 17:35
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.1 |
References | (CONFIRM) https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch - Third Party Advisory | |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* | |
CWE | CWE-362 | |
First Time | Grafana; Grafana grafana |
08 Nov 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-08 23:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-39328
Mitre link : CVE-2022-39328
CVE.ORG link : CVE-2022-39328
Products Affected
grafana
- grafana
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')