PT-2022-7314 · Grafana

Published: 2022-11-08 · Updated: 2024-06-05 · CVE-2022-39328

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Grafana versions 9.2.0 through 9.2.3

Description: Grafana is an open-source platform for monitoring and observability. The issue is a race condition in the authentication middleware's logic, which may allow an unauthenticated user to query an administration endpoint under heavy load. This could potentially allow a remote attacker to elevate their privileges. There are no known workarounds for this issue.

Recommendations: For versions 9.2.0 through 9.2.3, update to version 9.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to administration endpoints to minimize the risk of exploitation.

Exploit

Fix

Race Condition


Weakness Enumeration

Related Identifiers

BDU:2024-02627
BIT-GRAFANA-2022-39328
CVE-2022-39328
GHSA-VQC4-MPJ8-JXCH
GO-2024-2856
RHSA-2023:6420

Affected Products

Grafana
Red Os