Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2022-44643 | First vendor Publication | 2022-12-20 |
Vendor | Cve | Last vendor Modification | 2022-12-29 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 8.8 | ||
Base Score | 8.8 | Environmental Score | 8.8 |
impact SubScore | 5.9 | Temporal Score | 8.8 |
Exploitabality Sub Score | 2.8 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44643 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
Sources (Detail)
Source | Url |
---|---|
MISC | https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v171----novembe... https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v231----novembe... |
Alert History
Date | Informations |
---|---|
2022-12-29 21:27:19 |
|
2022-12-21 00:27:15 |
|
2022-12-20 21:27:13 |
|