CVE-2022-46792
- Source
- https://cve.org/CVERecord?id=CVE-2022-46792
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46792.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-46792
- Related
- Published
- 2022-12-08T06:15:08.940Z
- Modified
- 2026-04-10T04:52:45.293051Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)
- References
Affected packages
Git / github.com/hasura/graphql-engine
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hasura/graphql-engine
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "2.10.0" }, { "fixed": "2.10.2" }, { "introduced": "2.11.0" }, { "fixed": "2.11.3" }, { "introduced": "2.13.0" }, { "fixed": "2.13.2" }, { "introduced": "2.15.0" }, { "fixed": "2.15.2" }, { "introduced": "0" }, { "last_affected": "2.12.0-NA" }, { "introduced": "0" }, { "last_affected": "2.14.0-NA" } ] }
Affected versions
cli/v2.*
cli/v2.1.0
cli/v2.1.1
cli/v2.10.0
cli/v2.10.0-beta.1
cli/v2.10.1
cli/v2.11.0
cli/v2.11.0-beta.1
cli/v2.11.1
cli/v2.11.2
cli/v2.12.0
cli/v2.12.0-beta.1
cli/v2.13.0
cli/v2.13.1
cli/v2.14.0
cli/v2.14.0-beta.1
cli/v2.14.0-beta.2
cli/v2.15.0
cli/v2.15.1
cli/v2.15.2
cli/v2.2.0
cli/v2.8.0-beta.1
cli/v2.9.0-beta.1
v1.*
v1.0.0-alpha0
v1.0.0-alpha01
v1.0.0-alpha02
v1.0.0-alpha03
v1.0.0-alpha04
v1.0.0-alpha05
v1.0.0-alpha06
v1.0.0-alpha07
v1.0.0-alpha08
v1.0.0-alpha09
v1.0.0-alpha10
v1.0.0-alpha11
v1.0.0-alpha12
v1.0.0-alpha13
v1.0.0-alpha14
v1.0.0-alpha15
v1.0.0-alpha16
v1.0.0-alpha17
v1.0.0-alpha18
v1.0.0-alpha20
v1.0.0-alpha21
v1.0.0-alpha22
v1.0.0-alpha23
v1.0.0-alpha24
v1.0.0-alpha25
v1.0.0-alpha26
v1.0.0-alpha27
v1.0.0-alpha28
v1.0.0-alpha29
v1.0.0-alpha30
v1.0.0-alpha31
v1.0.0-alpha32
v1.0.0-alpha33
v1.0.0-alpha34
v1.0.0-alpha35
v1.0.0-alpha36
v1.0.0-alpha37
v1.0.0-alpha38
v1.0.0-alpha39
v1.0.0-alpha40
v1.0.0-alpha41
v1.0.0-alpha42
v1.0.0-alpha43
v1.0.0-alpha44
v1.0.0-alpha45
v1.0.0-beta.1
v1.0.0-beta.10
v1.0.0-beta.2
v1.0.0-beta.3
v1.0.0-beta.4
v1.0.0-beta.5
v1.0.0-beta.6
v1.0.0-beta.7
v1.0.0-beta.8
v1.0.0-beta.9
v1.0.0-rc.1
v2.*
v2.0.0-alpha.3
v2.0.0-alpha.4
v2.0.0-alpha.7
v2.0.0-beta.1
v2.0.1
v2.0.7
v2.0.8
v2.1.0
v2.1.0-beta.1
v2.1.0-beta.3
v2.10.0
v2.10.0-beta.1
v2.10.1
v2.11.0
v2.11.0-beta.1
v2.11.1
v2.11.2
v2.12.0
v2.12.0-beta.1
v2.13.0
v2.13.1
v2.14.0
v2.14.0-beta.1
v2.14.0-beta.2
v2.15.0
v2.15.1
v2.2.0
v2.3.0-beta.1
v2.4.0-beta.2
v2.8.0-beta.1
v2.9.0-beta.1
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.12.0-beta1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.14.0-beta1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.14.0-beta2"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46792.json"