Vulnerabilities > CVE-2022-44643

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

NVD

Published: 2022-12-20

Updated: 2022-12-29

Summary

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64.

Vulnerable Configurations

Part	Description	Count
Hardware	Amd AMD Amd64 -	1

References

https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v171----november-14th-2022
https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v231----november-14th-2022

Vulnerabilities > CVE-2022-44643 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-44643"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-44643