CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-28660

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://grafana.com/docs/enterprise-logs/latest/gel-releases/#v121----may-3-2022
https://security.netapp.com/advisory/ntap-20220707-0004/
https://grafana.com/docs/enterprise-logs/latest/gel-releases/#v121----may-3-2022
https://security.netapp.com/advisory/ntap-20220707-0004/

Products affected by CVE-2022-28660

Grafana » Grafana » Version: 1.1.0

cpe:2.3:a:grafana:grafana:1.1.0
Grafana » Grafana » Version: 1.2.0

cpe:2.3:a:grafana:grafana:1.2.0
Grafana » Grafana » Version: 1.3.0

cpe:2.3:a:grafana:grafana:1.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-28660

Products

Pricing

Contact Us