4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-28889

GHSA ID

GHSA-pgq7-jcj5-xx6h

EPSS Score

0.7102%

CWE

CWE-1021

Published

7/8/2022

Updated

1/27/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-28889

CVE-2022-28889: Apache Druid before 0.23.0 vulnerable to clickjacking

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.

(GitHub Advisory)

4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-28889

GHSA ID

GHSA-pgq7-jcj5-xx6h

EPSS Score

0.7102%

CWE

CWE-1021

Published

7/8/2022

Updated

1/27/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.druid:druid	maven	< 0.23.0	0.23.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

In *p**** *rui* *.**.* *n* **rli*r, t** s*rv*r *i* not s*t *ppropri*t* *****rs to pr*v*nt *li*kj**kin*. *rui* *.**.* *n* l*t*r pr*v*nt *li*kj**kin* usin* t** *ont*nt-S**urity-Poli*y *****r.

Reasoning

No *n*lysis *v*il**l*

4.3

Basic Information

Concerned about an active attack path?

CVE-2022-28889: Apache Druid before 0.23.0 vulnerable to clickjacking

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI