CVE-2022-28889

Summary

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Druidunspecified <= 0.22.1affected

Weaknesses

  • CWE-1021: CWE-1021 Improper Restriction of Rendered UI Layers or Frames

Workarounds

Upgrade to Druid 0.23.0 or later.

ADP Enrichment

CVE Program Container

Additional References

References