Row-Level Authorization Flaw in Hasura GraphQL Engine for Postgres Backends
CVE-2022-46792
8.8HIGH
What is CVE-2022-46792?
The Hasura GraphQL Engine prior to version 2.15.2 exhibits a vulnerability that impacts row-level authorization specifically in the Update Many API when using Postgres backends. This flaw allows unauthorized access to data, potentially leading to data leakage or unauthorized data manipulation, depending on the implementation. Users are strongly advised to upgrade to the fixed versions, which are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, or 2.15.2, to safeguard their applications against this risk.
