CVE-2022-28889: Clickjacking in the web console

Vendor: Apache Software Foundation
Product: Apache Druid
Weakness: CWE-1021
Published: July 7, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
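A header check a defender can run against a web console response to confirm the fix described above is in place. This is an added example, not code from the advisory or from Apache Druid. It assumes the relevant CSP directive is `frame-ancestors` (the record names only the header), and the function names and sample responses are constructed for illustration.

```python
def parse_csp(value):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def framing_protection(headers):
    """Return (verdict, reason): 'deny', 'same-origin', 'allowlist' or 'unprotected'."""
    h = {k.lower(): v for k, v in headers.items()}
    # The Report-Only variant is never enforced, so only the enforcing header counts.
    policy = parse_csp(h.get("content-security-policy", ""))
    if "frame-ancestors" in policy:
        sources = policy["frame-ancestors"]
        # An empty source list matches nothing, the same as 'none'.
        if sources in ([], ["'none'"]):
            return "deny", "CSP frame-ancestors 'none'"
        if sources == ["'self'"]:
            return "same-origin", "CSP frame-ancestors 'self'"
        if any(s in ("*", "http:", "https:") for s in sources):
            return "unprotected", "CSP frame-ancestors allows any origin"
        return "allowlist", "CSP frame-ancestors " + " ".join(sources)
    # default-src does not fall back to frame-ancestors, so a CSP without
    # that directive leaves framing control to X-Frame-Options.
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return "deny", "X-Frame-Options DENY"
    if xfo == "sameorigin":
        return "same-origin", "X-Frame-Options SAMEORIGIN"
    return "unprotected", "no frame-ancestors directive or valid X-Frame-Options"


# Constructed sample responses (not captured from a real Druid server).
SAMPLES = {
    "no headers": {"Content-Type": "text/html"},
    "csp deny": {"Content-Security-Policy": "frame-ancestors 'none'"},
    "csp without directive": {"Content-Security-Policy": "default-src 'self'"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", framing_protection(hdrs))
```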

Key dates

02 Disclosure timeline

July 7, 2022: CVE published
August 3, 2024: Record updated