Grafana Missing Authentication for Critical Function Vulnerability - CVE-2022-28660 - Vulnerability Database

Grafana Missing Authentication for Critical Function Vulnerability - CVE-2022-28660

Critical
Reference: CVE-2022-28660
Title: Grafana Missing Authentication for Critical Function Vulnerability
Overview:

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1 1.3.1 and 1.4.0 contain the bugfix. This affects -auth.typeenterprise in microservices mode