CVE-2022-46792

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:2.14.0:-:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:2.14.0:beta1:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:2.14.0:beta2:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:2.12.0:beta1:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:2.12.0:-:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:*

Information

Published : 2022-12-07 22:15

Updated : 2022-12-09 19:10


NVD link : CVE-2022-46792

Mitre link : CVE-2022-46792


JSON object : View

CWE
CWE-732

Incorrect Permission Assignment for Critical Resource

Advertisement

dedicated server usa

Products Affected

hasura

  • graphql_engine