Description
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode
Remediation
References
Related Vulnerabilities
WordPress Plugin Calendar Multiple Cross-Site Scripting Vulnerabilities (1.2.1)
MySQL Incorrect Authorization Vulnerability (CVE-2025-50085)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1167)
WordPress Plugin WP Symposium Pro Social Network Multiple Vulnerabilities (15.12)