8.8

CVE-2022-44643

EPSS 0.15%
Published 20.12.2022 15:15:11
Last modified 15.04.2025 20:15:37
Source cve@mitre.org
Teams watchlist Login
Open Login

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Grafana ≫ Enterprise Metrics Version >= 1.0.0 < 1.7.1

Amd ≫ Amd64 Version-

Grafana ≫ Enterprise Metrics Version >= 2.0.0 < 2.3.1

Amd ≫ Amd64 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.356

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve@mitre.org	5.7	2.1	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v171----november-14th-2022

Patch

Vendor Advisory

Release Notes

https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v231----november-14th-2022

Patch

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2022-44643

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-44643

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-44643

EUVD