How severe is CVE-2022-39229?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2022-39229?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2022-39229 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user’s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an usual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`’s email address. This prevents `user_1` logging into the application since `user_1`'s password won’t match with `user_2`'s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue.

Related Vulnerabilities

CVE-2016-10835

MEDIUM

CVSS:4.3(Medium)

cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).

CWE-2872016

CVE-2016-4863

MEDIUM

CVSS:4.3(Medium)

The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series ...

CWE-2872016

CVE-2017-1000110

MEDIUM

CVSS:4.3(Medium)

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines i...

CWE-2872017

CVE-2017-1002024

MEDIUM

CVSS:4.3(Medium)

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.

CWE-2872017

CVE-2017-12213

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dyna...

CWE-2872017

CVE-2018-0362

MEDIUM

CVSS:4.3(Medium)

A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attack...

CWE-2872018