Unrated severityNVD Advisory· Published May 20, 2022· Updated Aug 3, 2024
CVE-2022-28660
CVE-2022-28660
Description
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Grafana/Enterprise Logsdescription
- Range: >=1.1.0 <1.4.0
Patches
Vulnerability mechanics
References
2- grafana.com/docs/enterprise-logs/latest/gel-releases/mitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20220707-0004/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.