2 matches found
CVE-2022-44643
Grafana Enterprise Metrics (GEM) suffers a label-based access control vulnerability where an access policy with label selector restrictions that also grants access to all tenants bypasses those restrictions. Affected are GEM 1.x < 1.7.1 and GEM 2.x
CVE-2022-44643 Access policy with access to all tenants and using label selectors has more access
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not ...