Description
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode
Remediation
References
Related Vulnerabilities
WebLogic CVE-2021-2378 Vulnerability (CVE-2021-2378)
Joomla! Core Cross-Site Scripting (1.6.0 - 3.6.0)
OpenSSL Resource Management Errors Vulnerability (CVE-2011-4577)
WordPress Plugin Hero Maps Premium Cross-Site Scripting (2.2.1)
Dot CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-3187)