← Back

CVE-2022-46792

nvd nist
Published: Dec 8, 2022Modified: Apr 23, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)

Affected (9)

Hasura
1 product
Graphql Engine
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Hasura
Graphql Engine
From 2.10.0 to 2.10.2
Graphql Engine
From 2.11.0 to 2.11.3
Graphql Engine
From 2.13.0 to 2.13.2
Graphql Engine
From 2.15.0 to 2.15.2
Graphql Engine
Version 2.12.0
Graphql Engine
Version 2.12.0 beta1
Graphql Engine
Version 2.14.0
Graphql Engine
Version 2.14.0 beta1
Graphql Engine
Version 2.14.0 beta2

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (6)

Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Mailing ListPatchThird Party Advisory
Source: cve@mitre.org
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.