Описание
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode
Ссылки
- Release NotesVendor Advisory
- Third Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.1.0 (включая) до 1.2.1 (исключая)
Одно из
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:grafana:grafana:1.3.0:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 63%
0.00466
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 9.8
github
около 3 лет назад
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode
EPSS
Процентиль: 63%
0.00466
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-306