PT-2022-19294 · Apache · Apache Druid

Abhishek Agarwal

Published

2022-07-07

Updated

2022-07-15

CVE-2022-28889

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Apache Druid versions 0.22.1 and earlier

Description The issue is related to the server not setting appropriate headers to prevent clickjacking. This is mitigated in version 0.23.0 and later by using the Content-Security-Policy header.

Recommendations For Apache Druid versions 0.22.1 and earlier, update to version 0.23.0 or later to prevent clickjacking using the Content-Security-Policy header.

Fix

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1021

Related Identifiers

CVE-2022-28889

GHSA-PGQ7-JCJ5-XX6H

Affected Products

Apache Druid

PT-2022-19294 · Apache · Apache Druid

CVE-2022-28889

Weakness Enumeration

Related Identifiers

Affected Products

References · 7