HIGH🇬🇧 English

CVE-2022-46792

CVSS 8.8v3.1pub. 2022-12-08upd. 2025-04-23

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Hasura Graphql Engine

    APP
    Hasura
    2.12.02.14.02.10.0 – 2.10.2 (bez)2.11.0 – 2.11.3 (bez)2.13.0 – 2.13.2 (bez)2.15.0 – 2.15.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-47748CRITICAL9.3PL ✓ten sam produkt

RCE w Hasura GraphQL Engine przez COPY FROM PROGRAM

CVE-2021-47713HIGH8.7ten sam produkt

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service...

CVE-2023-27588HIGH7.5ten sam produkt

Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has ...

CVE-2019-1020015HIGH7.5ten sam produkt

graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying J...

CVE-2021-47714MEDIUM6.9ten sam produkt

Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files thr...