CVE-2022-28889

Medium

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent…

apache·CWE-1021·Published 2022-07-07

CVSS

4.3

EPSS

0.02

KEV

Exploits

cve.orgen

189 chars

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.

NVDen

189 chars

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.

GHSAen

189 chars

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.

NVDes

235 chars

En Apache Druid versiones 0.22.1 y anteriores, el servidor no establecía los encabezados apropiados para evitar el clickjacking. Druid versiones 0.23.0 y posteriores evitan el clickjacking mediante el encabezado Content-Security-Policy

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3.1	Secondary	GHSA	4.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N