CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-39328

Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.6%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch
https://security.netapp.com/advisory/ntap-20221215-0003/
https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch
https://security.netapp.com/advisory/ntap-20221215-0003/

Products affected by CVE-2022-39328

Grafana » Grafana » Version: 9.2.0

cpe:2.3:a:grafana:grafana:9.2.0
Grafana » Grafana » Version: 9.2.1

cpe:2.3:a:grafana:grafana:9.2.1
Grafana » Grafana » Version: 9.2.2

cpe:2.3:a:grafana:grafana:9.2.2
Grafana » Grafana » Version: 9.2.3

cpe:2.3:a:grafana:grafana:9.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39328

Products

Pricing

Contact Us