BIT-grafana-2022-28660
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2022-28660.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-grafana-2022-28660
- Aliases
-
- CVE-2022-28660
- Published
- 2024-03-06T10:57:08.207Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode
- Database specific
{ "severity": "Critical", "cpes": [ "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*", "cpe:2.3:a:grafana:grafana:1.3.0:*:*:*:enterprise:*:*:*" ] }- References
Affected packages
Bitnami / grafana
Package
- Name
- grafana
- Purl
- pkg:bitnami/grafana
Severity
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator