Vulnerability Description
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grafana | Enterprise Metrics | >= 1.0.0, < 1.7.1 |
| Amd | Amd64 | - |
Related Weaknesses (CWE)
References
- https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v171----november-1PatchRelease NotesVendor Advisory
- https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v231----november-1PatchRelease NotesVendor Advisory
- https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v171----november-1PatchRelease NotesVendor Advisory
- https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v231----november-1PatchRelease NotesVendor Advisory
FAQ
What is CVE-2022-44643?
CVE-2022-44643 is a vulnerability with a CVSS score of 5.7 (MEDIUM). A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions als...
How severe is CVE-2022-44643?
CVE-2022-44643 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-44643?
Check the references section above for vendor advisories and patch information. Affected products include: Grafana Enterprise Metrics, Amd Amd64.