Grafana Missing Authentication for Critical Function Vulnerability - CVE-2022-28660
Reference:
CVE-2022-28660
Title:
Grafana Missing Authentication for Critical Function Vulnerability
Overview:
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1 1.3.1 and 1.4.0 contain the bugfix. This affects -auth.typeenterprise in microservices mode