Grafana is an open-source platform for monitoring and observability. Versions from 9.2.0 up to, but not including, 9.2.4 contain a race condition in the authentication middleware logic which, under heavy load, may allow an unauthenticated user to query an administration endpoint. This issue is patched in 9.2.4. There are no known workarounds.
References
Link | Resource |
---|---|
https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20221215-0003/ | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-11-08T00:00:00
Updated: 2022-12-15T00:00:00
Reserved: 2022-09-02T00:00:00
Link: CVE-2022-39328
NVD Information
Status: Analyzed
Published: 2022-11-08T23:15:11.737
Modified: 2023-02-16T03:14:00.367
Link: CVE-2022-39328