CVE-2022-46792
CVSS V2 None
CVSS V3 None
Description
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)
Overview
- CVE ID
- CVE-2022-46792
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2022-12-08T06:15:08
- Last Modified Date
- 2022-12-10T03:10:38
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:* | 1 | OR | 2.10.0 | 2.10.2 |
| cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:* | 1 | OR | 2.11.0 | 2.11.3 |
| cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:* | 1 | OR | 2.13.0 | 2.13.2 |
| cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:* | 1 | OR | 2.15.0 | 2.15.2 |
| cpe:2.3:a:hasura:graphql_engine:2.12.0:-:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:hasura:graphql_engine:2.12.0:beta1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:hasura:graphql_engine:2.14.0:-:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:hasura:graphql_engine:2.14.0:beta1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:hasura:graphql_engine:2.14.0:beta2:*:*:*:*:*:* | 1 | OR |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-46792 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46792 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-12-08 06:39:36 | Added to TrackCVE | |||
| 2022-12-08 13:14:02 | 2022-12-08T06:15:08.940 | 2022-12-08T06:15:08 | CVE Published Date | updated |
| 2022-12-08 13:14:02 | 2022-12-08T13:11:46 | CVE Modified Date | updated | |
| 2022-12-08 13:14:02 | Received | Awaiting Analysis | Vulnerability Status | updated |
| 2022-12-09 16:15:52 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
| 2022-12-10 03:15:16 | 2022-12-10T03:10:38 | CVE Modified Date | updated | |
| 2022-12-10 03:15:16 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
| 2022-12-10 03:15:16 | CWE-732 | Weakness Enumeration | new | |
| 2022-12-10 03:15:18 | CPE Information | updated |