← Volver a CVEs

CVE-2022-39328

CRITICAL

9.8

Descripcion

Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado11/8/2022

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

grafana:grafana

Debilidades (CWE)

CWE-362CWE-362

Referencias

https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch(security-advisories@github.com)

https://security.netapp.com/advisory/ntap-20221215-0003/(security-advisories@github.com)

https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch(af854a3a-2127-422b-91ae-364da2661108)

https://security.netapp.com/advisory/ntap-20221215-0003/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.