CVE-2022-28660
Grafana Enterprise Logs 1.1.x–1.3.x (before 1.4.0) contain an authentication bypass in the querier component when the X-Scope-OrgID header is used, affecting -auth.type=enterprise in microservices mode. The issue is fixed in 1.4.0 (and later); affected versions include 1.1.x, 1.2.x, and 1.3.x. Re...