
12 matches found

Hacker One
added 2026/03/06 5:32 p.m. · 4 views

Rocket.Chat: RBAC bypass on App log endpoints via `permissionRequired` typo — any authenticated user reads admin-only Enterprise App logs

Vulnerability description not provided...

CVSS 4.3 · AI score 5.7 · EPSS 0.0002
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-33102

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.1 · EPSS 0.00466
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 10:42 p.m. · 6 views

CVE-2022-28660

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode...

CVSS 9.8 · AI score 7.1 · EPSS 0.00466
Exploits: 0 · References: 1

OSV
added 2024/03/06 10:57 a.m. · 15 views

BIT-GRAFANA-2022-28660

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode...

CVSS 9.8 · AI score 9.7 · EPSS 0.00466
Exploits: 0 · References: 2

NVD
added 2022/05/20 3:15 p.m. · 15 views

CVE-2022-28660

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode...

CVSS 9.8 · EPSS 0.00466
Exploits: 0 · References: 2

ATTACKERKB
added 2022/05/20 3:15 p.m. · 1 views

CVE-2022-28660

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode...

CVSS 9.8 · AI score 7.2 · EPSS 0.00466
Exploits: 0 · References: 3

OSV
added 2022/05/20 3:15 p.m. · 0 views

CVE-2022-28660

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 2

CVE
added 2022/05/20 2:32 p.m. · 94 views

CVE-2022-28660

Grafana Enterprise Logs 1.1.x–1.3.x (before 1.4.0) contain an authentication bypass in the querier component when the X-Scope-OrgID header is used, affecting -auth.type=enterprise in microservices mode. The issue is fixed in 1.4.0 (and later); affected versions include 1.1.x, 1.2.x, and 1.3.x. Re...

CVSS 9.8 · AI score 9.5 · EPSS 0.00466
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2022/05/20 2:32 p.m. · 18 views

CVE-2022-28660

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode...

AI score 9.8 · EPSS 0.00466
Exploits: 0 · References: 2

Positive Technologies
added 2022/05/20 12:0 a.m. · 3 views

PT-2022-19149 · Grafana · Grafana Enterprise Logs +1

Name of the Vulnerable Software and Affected Versions: Grafana Enterprise Logs versions 1.1.x through 1.3.x Description: The querier component does not require authentication when X-Scope-OrgID is used, affecting -auth.type=enterprise in microservices mode. Recommendations: For versions 1.1.x...

CVSS 9.8 · AI score 9.4 · EPSS 0.00466
Exploits: 0 · References: 9

CNNVD
added 2022/05/20 12:0 a.m. · 2 views

Grafana Access Control Error Vulnerability

Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana Enterprise Logs versions 1.1.x through 1.3....

CVSS 9.8 · AI score 8.2 · EPSS 0.00466
Exploits: 0 · References: 3

CNVD
added 2016/02/26 12:0 a.m. · 1 views

ManageEngine Firewall Analyzer 'runQuery.do' SQL Injection Vulnerability

ZOHO ManageEngine Firewall Analyzer is a web-based firewall log analysis tool from ZOHO that collects, correlates, and reports on enterprise-wide logs from firewalls, proxy servers, and Radius servers. A SQL injection vulnerability exists in ZOHO ManageEngine Firewall Analyzer, which stems from t...

AI score 7.9
Exploits: 0 · References: 1