← Voltar para CVEs

CVE-2022-39328

CRITICAL

9.8

Descricao

Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado11/8/2022

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

grafana:grafana

Fraquezas (CWE)

CWE-362CWE-362

Referencias

https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch(security-advisories@github.com)

https://security.netapp.com/advisory/ntap-20221215-0003/(security-advisories@github.com)

https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch(af854a3a-2127-422b-91ae-364da2661108)

https://security.netapp.com/advisory/ntap-20221215-0003/(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.