Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.
{"id": "CVE-2021-39226", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-39226", "description": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.", "published": "2021-10-05T18:15:00", "modified": "2021-11-28T23:22:00", "epss": [{"cve": "CVE-2021-39226", "epss": 0.9726, "percentile": 0.99739, "modified": "2023-05-23"}], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39226", "reporter": "security-advisories@github.com", "references": ["https://github.com/grafana/grafana/commit/2d456a6375855364d098ede379438bf7f0667269", "https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6/", "https://github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9", "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-11/", "http://www.openwall.com/lists/oss-security/2021/10/05/4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6ANHRDBXQT6TURLP2THM26ZPDINFBEG/", "https://security.netapp.com/advisory/ntap-20211029-0008/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT/"], "cvelist": ["CVE-2021-39226"], "immutableFields": [], "lastseen": "2023-05-23T15:40:17", "viewCount": 589, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:3771"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-39226"]}, {"type": "altlinux", "idList": ["B828D5FB8C6F7FB129FB7CAEF9DB98EC", "C5B2C7A9727684FD9FCB2E7C2A4BB349"]}, {"type": "attackerkb", "idList": ["AKB:2B7B662B-EDD1-4BFA-978A-6AE63790F8A5", "AKB:C7BC56A3-BACB-47EB-9088-23312073E652"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0930"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-39226"]}, {"type": "f5", "idList": ["F5:K22322802"]}, {"type": "fedora", "idList": ["FEDORA:90F6B3049394", "FEDORA:D9B58309ACDA"]}, {"type": "freebsd", "idList": ["757EE63B-269A-11EC-A616-6C3BE5272ACD"]}, {"type": "github", "idList": ["GHSA-69J6-29VR-P3J9"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-3771.NASL", "FREEBSD_PKG_757EE63B269A11ECA6166C3BE5272ACD.NASL", "OPENSUSE-2022-0140-1.NASL", "ORACLELINUX_ELSA-2021-3771.NASL", "REDHAT-RHSA-2021-3769.NASL", "REDHAT-RHSA-2021-3770.NASL", "REDHAT-RHSA-2021-3771.NASL", "ROCKY_LINUX_RLSA-2021-3771.NASL", "SUSE_SU-2022-1396-1.NASL", "SUSE_SU-2022-2134-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3771"]}, {"type": "osv", "idList": ["OSV:GHSA-69J6-29VR-P3J9"]}, {"type": "redhat", "idList": ["RHSA-2021:3769", "RHSA-2021:3770", "RHSA-2021:3771", "RHSA-2022:0056", "RHSA-2022:6252", "RHSA-2022:6262", "RHSA-2022:6308", "RHSA-2022:6317", "RHSA-2022:6322"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-39226"]}, {"type": "rocky", "idList": ["RLSA-2021:3771"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0140-1", "SUSE-SU-2022:1396-1"]}, {"type": "thn", "idList": ["THN:5D50D5AA81EE14FA1044614364EAEBC6"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-39226"]}, {"type": "veracode", "idList": ["VERACODE:32391"]}]}, "score": {"value": 3.8, "vector": "NONE"}, "twitter": {"counter": 15, "tweets": [{"link": "https://twitter.com/OfficialWilliP/status/1565059143630725122", "text": "CISA has updated 10 New Known Actively Exploited Vulnerabilities to its catalog. Keep an eye on each of these:\n- CVE-2021-38406\n- CVE-2022-26352\n- CVE-2022-24706\n- CVE-2022-24112\n- CVE-2022-22963\n- CVE-2022-2294\n- CVE-2021-39226\n- CVE-2020-36193\n- CVE-2020-28949\n- CVE-2021-31010", "author": "OfficialWilliP", "author_photo": "https://pbs.twimg.com/profile_images/1511299238604460043/qAp552f8_400x400.jpg"}, {"link": "https://twitter.com/OfficialWilliP/status/1565059148336844801", "text": "CISA has updated 10 New Known Actively Exploited Vulnerabilities to its catalog. Keep an eye on each of these:\n- CVE-2021-38406\n- CVE-2022-26352\n- CVE-2022-24706\n- CVE-2022-24112\n- CVE-2022-22963\n- CVE-2022-2294\n- CVE-2021-39226\n- CVE-2020-36193\n- CVE-2020-28949\n- CVE-2021-31010", "author": "OfficialWilliP", "author_photo": "https://pbs.twimg.com/profile_images/1511299238604460043/qAp552f8_400x400.jpg"}, {"link": "https://twitter.com/OfficialWilliP/status/1565059145186910210", "text": "CISA has updated 10 New Known Actively Exploited Vulnerabilities to its catalog. Keep an eye on each of these:\n- CVE-2021-38406\n- CVE-2022-26352\n- CVE-2022-24706\n- CVE-2022-24112\n- CVE-2022-22963\n- CVE-2022-2294\n- CVE-2021-39226\n- CVE-2020-36193\n- CVE-2020-28949\n- CVE-2021-31010", "author": "OfficialWilliP", "author_photo": "https://pbs.twimg.com/profile_images/1511299238604460043/qAp552f8_400x400.jpg"}, {"link": "https://twitter.com/OfficialWilliP/status/1565059141265227776", "text": "CISA has updated 10 New Known Actively Exploited Vulnerabilities to its catalog. Keep an eye on each of these:\n- CVE-2021-38406\n- CVE-2022-26352\n- CVE-2022-24706\n- CVE-2022-24112\n- CVE-2022-22963\n- CVE-2022-2294\n- CVE-2021-39226\n- CVE-2020-36193\n- CVE-2020-28949\n- CVE-2021-31010", "author": "OfficialWilliP", "author_photo": "https://pbs.twimg.com/profile_images/1511299238604460043/qAp552f8_400x400.jpg"}, {"link": "https://twitter.com/OfficialWilliP/status/1565059150140379136", "text": "CISA has updated 10 New Known Actively Exploited Vulnerabilities to its catalog. Keep an eye on each of these:\n- CVE-2021-38406\n- CVE-2022-26352\n- CVE-2022-24706\n- CVE-2022-24112\n- CVE-2022-22963\n- CVE-2022-2294\n- CVE-2021-39226\n- CVE-2020-36193\n- CVE-2020-28949\n- CVE-2021-31010", "author": "OfficialWilliP", "author_photo": "https://pbs.twimg.com/profile_images/1511299238604460043/qAp552f8_400x400.jpg"}, {"link": "https://twitter.com/OfficialWilliP/status/1565059138014568448", "text": "CISA has updated 10 New Known Actively Exploited Vulnerabilities to its catalog. Keep an eye on each of these:\n- CVE-2021-38406\n- CVE-2022-26352\n- CVE-2022-24706\n- CVE-2022-24112\n- CVE-2022-22963\n- CVE-2022-2294\n- CVE-2021-39226\n- CVE-2020-36193\n- CVE-2020-28949\n- CVE-2021-31010", "author": "OfficialWilliP", "author_photo": "https://pbs.twimg.com/profile_images/1511299238604460043/qAp552f8_400x400.jpg"}, {"link": "https://twitter.com/OfficialWilliP/status/1565059146730426370", "text": "CISA has updated 10 New Known Actively Exploited Vulnerabilities to its catalog. Keep an eye on each of these:\n- CVE-2021-38406\n- CVE-2022-26352\n- CVE-2022-24706\n- CVE-2022-24112\n- CVE-2022-22963\n- CVE-2022-2294\n- CVE-2021-39226\n- CVE-2020-36193\n- CVE-2020-28949\n- CVE-2021-31010", "author": "OfficialWilliP", "author_photo": "https://pbs.twimg.com/profile_images/1511299238604460043/qAp552f8_400x400.jpg"}, {"link": "https://twitter.com/OfficialWilliP/status/1565059154728861700", "text": "CISA has updated 10 New Known Actively Exploited Vulnerabilities to its catalog. Keep an eye on each of these:\n- CVE-2021-38406\n- CVE-2022-26352\n- CVE-2022-24706\n- CVE-2022-24112\n- CVE-2022-22963\n- CVE-2022-2294\n- CVE-2021-39226\n- CVE-2020-36193\n- CVE-2020-28949\n- CVE-2021-31010", "author": "OfficialWilliP", "author_photo": "https://pbs.twimg.com/profile_images/1511299238604460043/qAp552f8_400x400.jpg"}, {"link": "https://twitter.com/OfficialWilliP/status/1565059136609566721", "text": "CISA has updated 10 New Known Actively Exploited Vulnerabilities to its catalog. Keep an eye on each of these:\n- CVE-2021-38406\n- CVE-2022-26352\n- CVE-2022-24706\n- CVE-2022-24112\n- CVE-2022-22963\n- CVE-2022-2294\n- CVE-2021-39226\n- CVE-2020-36193\n- CVE-2020-28949\n- CVE-2021-31010", "author": "OfficialWilliP", "author_photo": "https://pbs.twimg.com/profile_images/1511299238604460043/qAp552f8_400x400.jpg"}, {"link": "https://twitter.com/OfficialWilliP/status/1565059139763638273", "text": "CISA has updated 10 New Known Actively Exploited Vulnerabilities to its catalog. Keep an eye on each of these:\n- CVE-2021-38406\n- CVE-2022-26352\n- CVE-2022-24706\n- CVE-2022-24112\n- CVE-2022-22963\n- CVE-2022-2294\n- CVE-2021-39226\n- CVE-2020-36193\n- CVE-2020-28949\n- CVE-2021-31010", "author": "OfficialWilliP", "author_photo": "https://pbs.twimg.com/profile_images/1511299238604460043/qAp552f8_400x400.jpg"}]}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:3771"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-39226"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0930"]}, {"type": "f5", "idList": ["F5:K22322802"]}, {"type": "fedora", "idList": ["FEDORA:90F6B3049394", "FEDORA:D9B58309ACDA"]}, {"type": "freebsd", "idList": ["757EE63B-269A-11EC-A616-6C3BE5272ACD"]}, {"type": "github", "idList": ["GHSA-69J6-29VR-P3J9"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-3771.NASL", "FREEBSD_PKG_757EE63B269A11ECA6166C3BE5272ACD.NASL", "ORACLELINUX_ELSA-2021-3771.NASL", "REDHAT-RHSA-2021-3769.NASL", "REDHAT-RHSA-2021-3770.NASL", "REDHAT-RHSA-2021-3771.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3771"]}, {"type": "redhat", "idList": ["RHSA-2022:0056"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-39226"]}, {"type": "rocky", "idList": ["RLSA-2021:3771"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0140-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-39226"]}]}, "exploitation": {"wildExploited": true, "wildExploitedSources": [{"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-39226"]}]}, "affected_software": {"major_version": [{"name": "grafana", "version": 7}, {"name": "grafana", "version": 8}, {"name": "fedoraproject fedora", "version": 34}, {"name": "fedoraproject fedora", "version": 35}]}, "epss": [{"cve": "CVE-2021-39226", "epss": 0.9726, "percentile": 0.99726, "modified": "2023-05-03"}], "vulnersScore": 3.8}, "_state": {"dependencies": 1685064693, "score": 1684856603, "cisa_kev_wildexploited": 1684862259, "twitter": 0, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "c9a858b7df4fd196ebde70e1ee235066"}, "cna_cvss": {"cna": "GitHub, Inc.", "cvss": {"3": {"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "score": 9.8}}}, "cpe": ["cpe:/o:fedoraproject:fedora:34", "cpe:/o:fedoraproject:fedora:35"], "cpe23": ["cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"], "cwe": ["CWE-287"], "affectedSoftware": [{"cpeName": "grafana:grafana", "version": "8.1.6", "operator": "lt", "name": "grafana"}, {"cpeName": "grafana:grafana", "version": "7.5.11", "operator": "lt", "name": "grafana"}, {"cpeName": "fedoraproject:fedora", "version": "34", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "35", "operator": "eq", "name": "fedoraproject fedora"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:grafana:grafana:8.1.6:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndExcluding": "8.1.6", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:grafana:grafana:7.5.11:*:*:*:*:*:*:*", "versionEndExcluding": "7.5.11", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/grafana/grafana/commit/2d456a6375855364d098ede379438bf7f0667269", "name": "https://github.com/grafana/grafana/commit/2d456a6375855364d098ede379438bf7f0667269", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6/", "name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6/", "refsource": "MISC", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9", "name": "https://github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}, {"url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-11/", "name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-11/", "refsource": "MISC", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/05/4", "name": "[oss-security] 20211005 CVE-2021-39226 Grafana snapshot authentication bypass", "refsource": "MLIST", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6ANHRDBXQT6TURLP2THM26ZPDINFBEG/", "name": "FEDORA-2021-dd83dc8b0b", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20211029-0008/", "name": "https://security.netapp.com/advisory/ntap-20211029-0008/", "refsource": "CONFIRM", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT/", "name": "FEDORA-2021-01588ab0bf", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}], "product_info": [{"vendor": "grafana", "product": "grafana"}], "solutions": [], "workarounds": [], "impacts": [], "exploits": [], "problemTypes": [], "assigned": "1976-01-01T00:00:00"}
{"fedora": [{"lastseen": "2023-05-23T16:36:16", "description": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-19T00:37:37", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: grafana-7.5.11-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-10-19T00:37:37", "id": "FEDORA:D9B58309ACDA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/E6ANHRDBXQT6TURLP2THM26ZPDINFBEG/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:36:16", "description": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-29T23:24:26", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: grafana-7.5.11-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-10-29T23:24:26", "id": "FEDORA:90F6B3049394", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-05-25T12:20:42", "description": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nSecurity Fix(es):\n\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-12T10:35:03", "type": "redhat", "title": "(RHSA-2021:3770) Important: grafana security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-10-12T10:37:18", "id": "RHSA-2021:3770", "href": "https://access.redhat.com/errata/RHSA-2021:3770", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-25T12:20:42", "description": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nSecurity Fix(es):\n\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-12T10:35:50", "type": "redhat", "title": "(RHSA-2021:3771) Important: grafana security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-10-12T10:38:41", "id": "RHSA-2021:3771", "href": "https://access.redhat.com/errata/RHSA-2021:3771", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-25T12:20:42", "description": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nSecurity Fix(es):\n\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-12T10:34:07", "type": "redhat", "title": "(RHSA-2021:3769) Important: grafana security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-10-12T10:35:58", "id": "RHSA-2021:3769", "href": "https://access.redhat.com/errata/RHSA-2021:3769", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.7.59. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:6321\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nSecurity Fix(es):\n\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.59-x86_64\n\nThe image digest is sha256:5db88217bbc9ee12d95f3c740eb0217668628e2f1f61b9cb2afdddf16ffb1333\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.59-s390x\n\nThe image digest is sha256:173203569ce6f5c0c0cd76824a8cd6182f3488ba5e0621559ef8430b40abaa3f\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.59-ppc64le\n\nThe image digest is sha256:351d809f8b29d8a7990092f84442f2f77594e5888b851c0c096d21097dd7c451\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T13:48:03", "type": "redhat", "title": "(RHSA-2022:6322) Moderate: OpenShift Container Platform 4.7.59 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226", "CVE-2022-0494", "CVE-2022-1353", "CVE-2022-2526", "CVE-2022-29154"], "modified": "2022-09-13T13:49:29", "id": "RHSA-2022:6322", "href": "https://access.redhat.com/errata/RHSA-2022:6322", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.9.48. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:6319\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nSecurity Fix(es):\n\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.48-x86_64\n\nThe image digest is sha256:fe63bce8c63031a17f08feed4fae704499b749502cb3d51f5df7d8eb002e8e55\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.48-s390x\n\nThe image digest is sha256:cc5c418771b024b65af22f306c24483421c2e3b351004df1948dc3e9af25b424\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.48-ppc64le\n\nThe image digest is sha256:162a33695defc9acd595451c13ec96eae4557642d6a51521f2aeac22f1c02b8c\n\nAll OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-12T12:16:44", "type": "redhat", "title": "(RHSA-2022:6317) Important: OpenShift Container Platform 4.9.48 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226", "CVE-2022-0494", "CVE-2022-1353", "CVE-2022-2526", "CVE-2022-29154"], "modified": "2022-09-12T12:18:15", "id": "RHSA-2022:6317", "href": "https://access.redhat.com/errata/RHSA-2022:6317", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.6.61. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:6261\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nSecurity Fix(es):\n\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.61-x86_64\n\nThe image digest is sha256:59fcf77d73e43fc5f458dbf4c6c0c1c5e07aaca55282ecaa2c8397c83362627a\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.61-s390x\n\nThe image digest is sha256:9eb9af3e80d43300e44c46dc9e55d5b11f718082ab68fe2b10da9d3b562d1620\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.61-ppc64le\n\nThe image digest is sha256:3571d61b480306030e0838a86db570177e15287b393c8059e8f2fbe50612d816\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-09T04:57:19", "type": "redhat", "title": "(RHSA-2022:6262) Important: OpenShift Container Platform 4.6.61 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226", "CVE-2022-1353", "CVE-2022-21540", "CVE-2022-21541", "CVE-2022-2526", "CVE-2022-29154", "CVE-2022-30631", "CVE-2022-34169"], "modified": "2022-09-09T04:58:35", "id": "RHSA-2022:6262", "href": "https://access.redhat.com/errata/RHSA-2022:6262", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.8.49. There are no RPMs for this release.\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.[y]/release_notes/ocp-4-8-release-notes.html\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* go-getter: command injection vulnerability (CVE-2022-26945)\n* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)\n* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)\n* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.49-x86_64\n\nThe image digest is sha256:ba6831ecc01cc2b3bfdd8f719e7a9384a877767fe90272a2becee7d7b6c9307c\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.49-s390x\n\nThe image digest is sha256:73f2aa3c7ebd443bf7c76e8434975f14e52e9312425cd62b9368697afe4542b0\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.49-ppc64le\n\nThe image digest is sha256:cc18f0f9dae56a3e630f87c3054ca1d0b807d8524369735e7a0c47297833f661\n\nAll OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T20:34:14", "type": "redhat", "title": "(RHSA-2022:6308) Important: OpenShift Container Platform 4.8.49 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226", "CVE-2022-0494", "CVE-2022-1353", "CVE-2022-2526", "CVE-2022-26945", "CVE-2022-29154", "CVE-2022-30321", "CVE-2022-30322", "CVE-2022-30323", "CVE-2022-30631"], "modified": "2022-09-14T20:34:45", "id": "RHSA-2022:6308", "href": "https://access.redhat.com/errata/RHSA-2022:6308", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:19:08", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 3.11.784. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:6251\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nSecurity Fix(es):\n\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these\nupdated packages and images.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-07T14:11:28", "type": "redhat", "title": "(RHSA-2022:6252) Moderate: OpenShift Container Platform 3.11.784 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26116", "CVE-2020-26137", "CVE-2021-3177", "CVE-2021-39226", "CVE-2021-46784", "CVE-2022-1271", "CVE-2022-1552", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21540", "CVE-2022-21541", "CVE-2022-2526", "CVE-2022-29154", "CVE-2022-34169"], "modified": "2022-09-07T14:12:26", "id": "RHSA-2022:6252", "href": "https://access.redhat.com/errata/RHSA-2022:6252", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-30T12:45:50", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.10.3. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:0055\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-x86_64\n\nThe image digest is\nsha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-s390x\n\nThe image digest is\nsha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le\n\nThe image digest is\nsha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-10T15:13:45", "type": "redhat", "title": "(RHSA-2022:0056) Moderate: OpenShift Container Platform 4.10.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3577", "CVE-2016-10228", "CVE-2017-14502", "CVE-2018-1000858", "CVE-2018-20843", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15903", "CVE-2019-19906", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-25013", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2019-9169", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-13434", "CVE-2020-14391", "CVE-2020-15358", "CVE-2020-15503", "CVE-2020-1730", "CVE-2020-25660", "CVE-2020-25677", "CVE-2020-27618", "CVE-2020-27781", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-8927", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2020-9952", "CVE-2021-20305", "CVE-2021-21684", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-25215", "CVE-2021-27218", "CVE-2021-30666", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-3121", "CVE-2021-3326", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3521", "CVE-2021-3537", "CVE-2021-3541", "CVE-2021-36222", "CVE-2021-3733", "CVE-2021-3749", "CVE-2021-37750", "CVE-2021-39226", "CVE-2021-41190", "CVE-2021-41772", "CVE-2021-43813", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-0532", "CVE-2022-21673", "CVE-2022-24407"], "modified": "2022-12-21T11:22:50", "id": "RHSA-2022:0056", "href": "https://access.redhat.com/errata/RHSA-2022:0056", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "github": [{"lastseen": "2023-05-23T17:13:27", "description": "Today we are releasing Grafana 7.5.11, and 8.1.6. These patch releases include an important security fix for an issue that affects all Grafana versions from 2.0.1.\n\n[Grafana Cloud](https://grafana.com/cloud) instances have already been patched and an audit did not find any usage of this attack vector. [Grafana Enterprise](https://grafana.com/products/enterprise) customers were provided with updated binaries under embargo.\n\n8.1.5 contained a single fix for bar chart panels. We believe that users can expedite deployment by moving from 8.1.4 to 8.1.6 directly.\n\n## CVE-2021-39226 Snapshot authentication bypass\n\n### Summary\n\nCVSS Score: 9.8 Critical\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\nWe received a security report to [security@grafana.com](mailto:security@grafana.com) on 2021-09-15 about a vulnerability in Grafana regarding the snapshot feature. It was later identified as affecting Grafana versions from 2.0.1 to 8.1.6. [CVE-2021-39226](https://vulners.com/cve/CVE-2021-39226) has been assigned to this vulnerability.\n\n### Impact\nUnauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths:\n\n* `/dashboard/snapshot/:key`, or\n* `/api/snapshots/:key`\n\nIf the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path:\n\n* `/api/snapshots-delete/:deleteKey`\n\nRegardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths:\n\n* `/api/snapshots/:key`, or\n* `/api/snapshots-delete/:deleteKey`\n\nThe combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss.\n\n### Attack audit\n\nWhile we can not guarantee that the below will identify all attacks, if you do find something with the below, you should consider doing a full assessment.\n\n#### Through reverse proxy/load balancer logs\n\nTo determine if your Grafana installation has been exploited for this vulnerability, search through your reverse proxy/load balancer access logs for instances where the path is `/dashboard/snapshot/:key`, `/api/snapshots/:key` or `/api/snapshots-delete/:deleteKey`, and the response status code was 200 (OK).\nFor example, if you\u2019re using the Kubernetes ingress-nginx controller and sending logs to Loki, use a LogQL query like `{job=\"nginx-ingress-controller\"} |= \"\\\"status\\\": 200\" |= \"\\\"uri\\\": \\\"/api/snapshots/:key\\\"\"`.\n\n#### Through the Grafana Enterprise audit feature\n\nIf you enabled \u201cLog web requests\u201d in your configuration with `router_logging = true`, look for\n`\"requestUri\":\"/api/snapshots-delete/\u201d`,`\u201crequestUri\":\"/api/snapshots/:key\"`, or `\"type\":\"snapshot\"` in combination with `\"action\":\"delete\"`.\n\n### Patched versions\n\nRelease 8.1.6: \n\n- [Download Grafana 8.1.6](https://grafana.com/grafana/download/8.1.6)\n- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6/)\n\nRelease 7.5.11: \n\n- [Download Grafana 7.5.11](https://grafana.com/grafana/download/7.5.11)\n- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-11/)\n\n### Solutions and mitigations\n\nDownload and install the appropriate patch for your version of Grafana.\n\n[Grafana Cloud](https://grafana.com/cloud) instances have already been patched, and [Grafana Enterprise](https://grafana.com/products/enterprise) customers were provided with updated binaries under embargo.\n\n### Workaround\n\nIf for some reason you cannot upgrade:\n\nYou can use a reverse proxy or similar to block access to the literal paths\n* `/api/snapshots/:key`\n* `/api/snapshots-delete/:deleteKey`\n* `/dashboard/snapshot/:key`\n* `/api/snapshots/:key`\n\nThey have no normal function and can be disabled without side effects.\n\n### Timeline and postmortem\n\nHere is a detailed timeline starting from when we originally learned of the issue. All times in UTC.\n\n* 2021-09-15 14:49: Tuan Tran theblackturtle0901@gmail.com sends initial report about viewing snapshots without authentication\n* 2021-09-15 15:56: Initial reproduction\n* 2021-09-15 17:10: MEDIUM severity declared\n* 2021-09-15 18:58: Workaround deployed on Grafana Cloud\n* 2021-09-15 19:15: `/api/snapshots/:key` found to be vulnerable as well\n* 2021-09-15 19:30: `/api/snapshots/:key` blocked on Grafana Cloud\n* 2021-09-16 09:31: `/api/snapshots-delete/:deleteKey` found to be vulnerable as well, blocked on Grafana Cloud. From this point forward, Cloud is not affected any more.\n* 2021-09-16 09:35: HIGH severity declared\n* 2021-09-16 11:19: Realization that combination of deletion and viewing allows enumeration and permanent DoS\n* 2021-09-16 11:19: CRITICAL declared\n* 2021-09-17 10:53: Determination that no weekend work is needed. While issue is CRITICAL, scope is very limited\n* 2021-09-17 14:26: Audit of Grafana Cloud concluded, no evidence of exploitation\n* 2021-09-23: Grafana Cloud instances updated\n* 2021-09-28 12:00: Grafana Enterprise images released to customers under embargo\n* 2021-10-05 17:00: Public release\n\n## Reporting security issues\n\nIf you think you have found a security vulnerability, please send a report to [security@grafana.com](mailto:security@grafana.com). This address can be used for all of\nGrafana Labs's open source and commercial products (including but not limited to Grafana, Tempo, Loki, Amixr, k6, Tanka, and Grafana Cloud, Grafana Enterprise, and grafana.com). We only accept vulnerability reports at this address. We would prefer that you encrypt your message to us using our PGP key. The key fingerprint is:\n\nF988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA\n\nThe key is available from [keys.gnupg.net](http://keys.gnupg.net/pks/lookup?op=get&fingerprint=on&search=0xD1258932BE24C5CA) by searching for [security@grafana](http://keys.gnupg.net/pks/lookup?search=security@grafana&fingerprint=on&op=index.\n\n## Security announcements\n\nWe maintain a category on the community site named [Security Announcements](https://community.grafana.com/c/security-announcements),\nwhere we will post a summary, remediation, and mitigation details for any patch containing security fixes. You can also subscribe to email updates to this category if you have a grafana.com account and sign in to the community site, or via updates from our [Security Announcements RSS feed](https://community.grafana.com/c/security-announcements.rss).\n\n## Acknowledgement\n\nWe would like to thank [Tran Viet Tuan](https://github.com/theblackturtle) for responsibly disclosing the initially discovered vulnerability to us.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-05T20:24:02", "type": "github", "title": "Authentication bypass for viewing and deletions of snapshots", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2023-02-01T05:06:08", "id": "GHSA-69J6-29VR-P3J9", "href": "https://github.com/advisories/GHSA-69j6-29vr-p3j9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-25T14:24:51", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3769 advisory.\n\n - grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "RHEL 8 : grafana (RHSA-2021:3769)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-39226"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:grafana", "p-cpe:/a:redhat:enterprise_linux:grafana-azure-monitor", "p-cpe:/a:redhat:enterprise_linux:grafana-cloudwatch", "p-cpe:/a:redhat:enterprise_linux:grafana-elasticsearch", "p-cpe:/a:redhat:enterprise_linux:grafana-graphite", "p-cpe:/a:redhat:enterprise_linux:grafana-influxdb", "p-cpe:/a:redhat:enterprise_linux:grafana-loki", "p-cpe:/a:redhat:enterprise_linux:grafana-mssql", "p-cpe:/a:redhat:enterprise_linux:grafana-mysql", "p-cpe:/a:redhat:enterprise_linux:grafana-opentsdb", "p-cpe:/a:redhat:enterprise_linux:grafana-postgres", "p-cpe:/a:redhat:enterprise_linux:grafana-prometheus", "p-cpe:/a:redhat:enterprise_linux:grafana-stackdriver"], "id": "REDHAT-RHSA-2021-3769.NASL", "href": "https://www.tenable.com/plugins/nessus/154071", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:3769. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154071);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2021-39226\");\n script_xref(name:\"RHSA\", value:\"2021:3769\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"RHEL 8 : grafana (RHSA-2021:3769)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:3769 advisory.\n\n - grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-39226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2011063\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(639);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-azure-monitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-cloudwatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-elasticsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-graphite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-influxdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-loki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-opentsdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-postgres\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-prometheus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-stackdriver\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grafana-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-azure-monitor-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-cloudwatch-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-elasticsearch-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-graphite-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-influxdb-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-loki-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-mssql-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-mysql-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-opentsdb-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-postgres-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-prometheus-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-stackdriver-6.2.2-7.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana / grafana-azure-monitor / grafana-cloudwatch / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:49", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:3771 advisory.\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : grafana (RLSA-2021:3771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-39226"], "modified": "2022-08-29T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:grafana", "p-cpe:/a:rocky:linux:grafana-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2021-3771.NASL", "href": "https://www.tenable.com/plugins/nessus/157791", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:3771.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157791);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/29\");\n\n script_cve_id(\"CVE-2021-39226\");\n script_xref(name:\"RLSA\", value:\"2021:3771\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Rocky Linux 8 : grafana (RLSA-2021:3771)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2021:3771 advisory.\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and\n authenticated users are able to view the snapshot with the lowest database key by accessing the literal\n paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration\n setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with\n the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the\n snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest\n database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The\n combination of deletion and viewing enables a complete walk through all snapshot data while resulting in\n complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason\n you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:3771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2011063\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grafana and / or grafana-debuginfo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:grafana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:grafana-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'grafana-7.3.6-3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-7.3.6-3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-debuginfo-7.3.6-3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-debuginfo-7.3.6-3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana / grafana-debuginfo');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:59:17", "description": "The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:3771 advisory.\n\n - grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-15T00:00:00", "type": "nessus", "title": "CentOS 8 : grafana (CESA-2021:3771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-39226"], "modified": "2022-08-29T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:grafana"], "id": "CENTOS8_RHSA-2021-3771.NASL", "href": "https://www.tenable.com/plugins/nessus/154157", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:3771. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154157);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/29\");\n\n script_cve_id(\"CVE-2021-39226\");\n script_xref(name:\"RHSA\", value:\"2021:3771\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"CentOS 8 : grafana (CESA-2021:3771)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the\nCESA-2021:3771 advisory.\n\n - grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3771\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grafana package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grafana\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'grafana-7.3.6-3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-7.3.6-3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:25:03", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3770 advisory.\n\n - grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "RHEL 8 : grafana (RHSA-2021:3770)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-39226"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:grafana", "p-cpe:/a:redhat:enterprise_linux:grafana-azure-monitor", "p-cpe:/a:redhat:enterprise_linux:grafana-cloudwatch", "p-cpe:/a:redhat:enterprise_linux:grafana-elasticsearch", "p-cpe:/a:redhat:enterprise_linux:grafana-graphite", "p-cpe:/a:redhat:enterprise_linux:grafana-influxdb", "p-cpe:/a:redhat:enterprise_linux:grafana-loki", "p-cpe:/a:redhat:enterprise_linux:grafana-mssql", "p-cpe:/a:redhat:enterprise_linux:grafana-mysql", "p-cpe:/a:redhat:enterprise_linux:grafana-opentsdb", "p-cpe:/a:redhat:enterprise_linux:grafana-postgres", "p-cpe:/a:redhat:enterprise_linux:grafana-prometheus", "p-cpe:/a:redhat:enterprise_linux:grafana-stackdriver"], "id": "REDHAT-RHSA-2021-3770.NASL", "href": "https://www.tenable.com/plugins/nessus/154084", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:3770. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154084);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2021-39226\");\n script_xref(name:\"RHSA\", value:\"2021:3770\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"RHEL 8 : grafana (RHSA-2021:3770)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:3770 advisory.\n\n - grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-39226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2011063\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(639);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-azure-monitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-cloudwatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-elasticsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-graphite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-influxdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-loki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-opentsdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-postgres\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-prometheus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana-stackdriver\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grafana-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-azure-monitor-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-cloudwatch-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-elasticsearch-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-graphite-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-influxdb-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-loki-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-mssql-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-mysql-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-opentsdb-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-postgres-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-prometheus-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-stackdriver-6.3.6-3.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana / grafana-azure-monitor / grafana-cloudwatch / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:24:38", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:3771 advisory.\n\n - grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "RHEL 8 : grafana (RHSA-2021:3771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-39226"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:grafana"], "id": "REDHAT-RHSA-2021-3771.NASL", "href": "https://www.tenable.com/plugins/nessus/154076", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:3771. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154076);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2021-39226\");\n script_xref(name:\"RHSA\", value:\"2021:3771\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"RHEL 8 : grafana (RHSA-2021:3771)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2021:3771 advisory.\n\n - grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-39226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2011063\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grafana package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(639);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grafana\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grafana-7.3.6-3.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grafana-7.3.6-3.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grafana-7.3.6-3.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:15:19", "description": "The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-3771 advisory.\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : grafana (ELSA-2021-3771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-39226"], "modified": "2022-08-29T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:grafana"], "id": "ORACLELINUX_ELSA-2021-3771.NASL", "href": "https://www.tenable.com/plugins/nessus/154106", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-3771.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154106);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/29\");\n\n script_cve_id(\"CVE-2021-39226\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Oracle Linux 8 : grafana (ELSA-2021-3771)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2021-3771 advisory.\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and\n authenticated users are able to view the snapshot with the lowest database key by accessing the literal\n paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration\n setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with\n the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the\n snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest\n database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The\n combination of deletion and viewing enables a complete walk through all snapshot data while resulting in\n complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason\n you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-3771.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grafana package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grafana\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'grafana-7.3.6-3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grafana-7.3.6-3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:07", "description": "Grafana Labs reports :\n\nUnauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths :\n\n- /dashboard/snapshot/:key, or\n\n- /api/snapshots/:key\n\nIf the snapshot 'public_mode' configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path :\n\n- /api/snapshots-delete/:deleteKey\n\nRegardless of the snapshot 'public_mode' setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths :\n\n- /api/snapshots/:key, or\n\n- /api/snapshots-delete/:deleteKey\n\nThe combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss.", "cvss3": {}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "FreeBSD : Grafana -- Snapshot authentication bypass (757ee63b-269a-11ec-a616-6c3be5272acd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-39226"], "modified": "2022-08-29T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:grafana", "p-cpe:/a:freebsd:freebsd:grafana6", "p-cpe:/a:freebsd:freebsd:grafana7", "p-cpe:/a:freebsd:freebsd:grafana8", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_757EE63B269A11ECA6166C3BE5272ACD.NASL", "href": "https://www.tenable.com/plugins/nessus/154658", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154658);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/29\");\n\n script_cve_id(\"CVE-2021-39226\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"FreeBSD : Grafana -- Snapshot authentication bypass (757ee63b-269a-11ec-a616-6c3be5272acd)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Grafana Labs reports :\n\nUnauthenticated and authenticated users are able to view the snapshot\nwith the lowest database key by accessing the literal paths :\n\n- /dashboard/snapshot/:key, or\n\n- /api/snapshots/:key\n\nIf the snapshot 'public_mode' configuration setting is set to true (vs\ndefault of false), unauthenticated users are able to delete the\nsnapshot with the lowest database key by accessing the literal path :\n\n- /api/snapshots-delete/:deleteKey\n\nRegardless of the snapshot 'public_mode' setting, authenticated users\nare able to delete the snapshot with the lowest database key by\naccessing the literal paths :\n\n- /api/snapshots/:key, or\n\n- /api/snapshots-delete/:deleteKey\n\nThe combination of deletion and viewing enables a complete walk\nthrough all snapshot data while resulting in complete snapshot data\nloss.\");\n # https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?caaa986c\");\n # https://vuxml.freebsd.org/freebsd/757ee63b-269a-11ec-a616-6c3be5272acd.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?da1286a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:grafana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:grafana6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:grafana7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:grafana8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"grafana8>=8.0.0<8.1.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"grafana8>=2.0.1<7.5.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"grafana7>=8.0.0<8.1.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"grafana7>=2.0.1<7.5.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"grafana6>=8.0.0<8.1.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"grafana6>=2.0.1<7.5.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"grafana>=8.0.0<8.1.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"grafana>=2.0.1<7.5.11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:39:42", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0140-1 advisory.\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. (CVE-2021-43813)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-21T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : grafana (openSUSE-SU-2022:0140-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-39226", "CVE-2021-43813"], "modified": "2022-08-29T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:grafana", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0140-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156937", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0140-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156937);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/29\");\n\n script_cve_id(\"CVE-2021-39226\", \"CVE-2021-43813\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : grafana (openSUSE-SU-2022:0140-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0140-1 advisory.\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and\n authenticated users are able to view the snapshot with the lowest database key by accessing the literal\n paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration\n setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with\n the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the\n snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest\n database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The\n combination of deletion and viewing enables a complete walk through all snapshot data while resulting in\n complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason\n you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The\n vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated\n users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to\n patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of\n Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files,\n users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help\n text. (CVE-2021-43813)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193688\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZUS4G6GRHNJN7AR53SGJABSHRZM3XMOY/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8b1fd9b3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43813\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grafana package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grafana\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'grafana-7.5.12-3.18.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:42:26", "description": "The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1396-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\n (CVE-2021-3711)\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex:\n {{constructor.constructor(alert(1)')()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.\n (CVE-2021-41174)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine- grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag. (CVE-2021-41244)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.\n The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. (CVE-2021-43813)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. (CVE-2021-43815)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user.\n This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4. (CVE-2022-21673)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability. (CVE-2022-21702)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins).\n An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. (CVE-2022-21703)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.\n Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n (CVE-2022-21713)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-20T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:1396-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-3711", "CVE-2021-39226", "CVE-2021-41174", "CVE-2021-41244", "CVE-2021-43798", "CVE-2021-43813", "CVE-2021-43815", "CVE-2022-21673", "CVE-2022-21702", "CVE-2022-21703", "CVE-2022-21713"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1396-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170214", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1396-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170214);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2021-3711\",\n \"CVE-2021-36222\",\n \"CVE-2021-39226\",\n \"CVE-2021-41174\",\n \"CVE-2021-41244\",\n \"CVE-2021-43798\",\n \"CVE-2021-43813\",\n \"CVE-2021-43815\",\n \"CVE-2022-21673\",\n \"CVE-2022-21702\",\n \"CVE-2022-21703\",\n \"CVE-2022-21713\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1396-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:1396-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nSUSE-SU-2022:1396-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - In order to decrypt SM2 encrypted data an application is expected to call the API function\n EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the\n out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size\n required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer\n and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug\n in the implementation of the SM2 decryption code means that the calculation of the buffer size required to\n hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size\n required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the\n application a second time with a buffer that is too small. A malicious attacker who is able present SM2\n content for decryption to an application could cause attacker chosen data to overflow the buffer by up to\n a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing\n application behaviour or causing the application to crash. The location of the buffer is application\n dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\n (CVE-2021-3711)\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and\n authenticated users are able to view the snapshot with the lowest database key by accessing the literal\n paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration\n setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with\n the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the\n snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest\n database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The\n combination of deletion and viewing enables a complete walk through all snapshot data while resulting in\n complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason\n you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker\n is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content\n may be executed within the context of the victim's browser. The user visiting the malicious link must be\n unauthenticated and the link must be for a page that contains the login button in the menu bar. The url\n has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS\n expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex:\n {{constructor.constructor(alert(1)')()}}. When the user follows the link and the page renders, the login\n button will contain the original link with a query parameter to force a redirect to the login page. The\n URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained\n in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you\n can use a reverse proxy or similar to block access to block the literal string {{ in the path.\n (CVE-2021-41174)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-\n grained access control beta feature is enabled and there is more than one organization in the Grafana\n instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism\n which allowed users with the Organization Admin role to list, add, remove, and update users' roles in\n other organizations in which they are not an admin. With fine-grained access control enabled, organization\n admins can list, add, remove and update users' roles in another organization, where they do not have\n organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control\n beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade,\n you should turn off the fine-grained access control using a feature flag. (CVE-2021-41244)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through\n 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.\n The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any\n installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched\n versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about\n vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The\n vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated\n users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to\n patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of\n Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files,\n users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help\n text. (CVE-2021-43813)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the\n developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited\n in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana\n Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for\n this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front\n of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. (CVE-2021-43815)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when a data\n source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API\n token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user.\n This can allow API token holders to retrieve data for which they may not have intended access. This attack\n relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the\n Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana\n instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been\n patched in versions 7.5.13 and 8.3.4. (CVE-2022-21673)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker\n could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML\n page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could\n either compromise an existing datasource for a specific Grafana instance or either set up its own public\n service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following\n must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as\n Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above\n datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked\n on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled\n with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a\n specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated\n user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a\n compromised plugin through a crafted link. Users are advised to update to a patched version. There are no\n known workarounds for this vulnerability. (CVE-2022-21702)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a\n cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting\n cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins).\n An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into\n inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as\n possible. There are no known workarounds for this issue. (CVE-2022-21703)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose\n multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an\n authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will\n allow an authenticated attacker to search for teams and see the total number of available teams, including\n for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin\n flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.\n Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n (CVE-2022-21713)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197579\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-April/010822.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d1133287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21713\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected prometheus-postgres_exporter, python3-rhnlib and / or spacecmd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3711\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^SUSE\") audit(AUDIT_OS_NOT, \"openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SUSE[\\d.]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SUSE15\\.3)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'openSUSE 15', 'openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE (' + os_ver + ')', cpu);\n\nvar pkgs = [\n {'reference':'prometheus-postgres_exporter-0.10.0-150000.1.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'python3-rhnlib-4.2.6-150000.3.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'spacecmd-4.2.16-150000.3.77.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'prometheus-postgres_exporter / python3-rhnlib / spacecmd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T15:13:07", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2134-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\n (CVE-2021-3711)\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex:\n {{constructor.constructor(alert(1)')()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.\n (CVE-2021-41174)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine- grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag. (CVE-2021-41244)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.\n The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. (CVE-2021-43813)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. (CVE-2021-43815)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user.\n This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4. (CVE-2022-21673)\n\n - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;\n not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.\n client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. (CVE-2022-21698)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability. (CVE-2022-21702)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins).\n An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. (CVE-2022-21703)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.\n Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n (CVE-2022-21713)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:2134-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-3711", "CVE-2021-39226", "CVE-2021-41174", "CVE-2021-41244", "CVE-2021-43798", "CVE-2021-43813", "CVE-2021-43815", "CVE-2022-21673", "CVE-2022-21698", "CVE-2022-21702", "CVE-2022-21703", "CVE-2022-21713"], "modified": "2023-07-13T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:golang-github-prometheus-node_exporter"], "id": "SUSE_SU-2022-2134-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162469", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2134-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162469);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-3711\",\n \"CVE-2021-36222\",\n \"CVE-2021-39226\",\n \"CVE-2021-41174\",\n \"CVE-2021-41244\",\n \"CVE-2021-43798\",\n \"CVE-2021-43813\",\n \"CVE-2021-43815\",\n \"CVE-2022-21673\",\n \"CVE-2022-21698\",\n \"CVE-2022-21702\",\n \"CVE-2022-21703\",\n \"CVE-2022-21713\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2134-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:2134-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2134-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - In order to decrypt SM2 encrypted data an application is expected to call the API function\n EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the\n out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size\n required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer\n and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug\n in the implementation of the SM2 decryption code means that the calculation of the buffer size required to\n hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size\n required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the\n application a second time with a buffer that is too small. A malicious attacker who is able present SM2\n content for decryption to an application could cause attacker chosen data to overflow the buffer by up to\n a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing\n application behaviour or causing the application to crash. The location of the buffer is application\n dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\n (CVE-2021-3711)\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and\n authenticated users are able to view the snapshot with the lowest database key by accessing the literal\n paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration\n setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with\n the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the\n snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest\n database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The\n combination of deletion and viewing enables a complete walk through all snapshot data while resulting in\n complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason\n you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker\n is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content\n may be executed within the context of the victim's browser. The user visiting the malicious link must be\n unauthenticated and the link must be for a page that contains the login button in the menu bar. The url\n has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS\n expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex:\n {{constructor.constructor(alert(1)')()}}. When the user follows the link and the page renders, the login\n button will contain the original link with a query parameter to force a redirect to the login page. The\n URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained\n in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you\n can use a reverse proxy or similar to block access to block the literal string {{ in the path.\n (CVE-2021-41174)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-\n grained access control beta feature is enabled and there is more than one organization in the Grafana\n instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism\n which allowed users with the Organization Admin role to list, add, remove, and update users' roles in\n other organizations in which they are not an admin. With fine-grained access control enabled, organization\n admins can list, add, remove and update users' roles in another organization, where they do not have\n organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control\n beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade,\n you should turn off the fine-grained access control using a feature flag. (CVE-2021-41244)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through\n 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.\n The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any\n installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched\n versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about\n vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The\n vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated\n users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to\n patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of\n Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files,\n users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help\n text. (CVE-2021-43813)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the\n developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited\n in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana\n Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for\n this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front\n of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. (CVE-2021-43815)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when a data\n source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API\n token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user.\n This can allow API token holders to retrieve data for which they may not have intended access. This attack\n relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the\n Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana\n instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been\n patched in versions 7.5.13 and 8.3.4. (CVE-2022-21673)\n\n - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package\n in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version\n 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential\n memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an\n instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;\n not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our\n middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.\n client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including\n removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected\n promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method\n given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow\n a limited set of methods. (CVE-2022-21698)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker\n could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML\n page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could\n either compromise an existing datasource for a specific Grafana instance or either set up its own public\n service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following\n must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as\n Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above\n datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked\n on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled\n with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a\n specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated\n user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a\n compromised plugin through a crafted link. Users are advised to update to a patched version. There are no\n known workarounds for this vulnerability. (CVE-2022-21702)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a\n cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting\n cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins).\n An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into\n inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as\n possible. There are no known workarounds for this issue. (CVE-2022-21703)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose\n multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an\n authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will\n allow an authenticated attacker to search for teams and see the total number of available teams, including\n for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin\n flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.\n Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n (CVE-2022-21713)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21713\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011316.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7f170d02\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected golang-github-prometheus-node_exporter package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3711\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:golang-github-prometheus-node_exporter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'golang-github-prometheus-node_exporter');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2023-09-03T09:22:07", "description": "An authentication bypass was found in grafana. An attacker on the network is able to view and delete snapshots by accessing a literal path.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-05T21:46:19", "type": "redhatcve", "title": "CVE-2021-39226", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2023-09-02T00:23:22", "id": "RH:CVE-2021-39226", "href": "https://access.redhat.com/security/cve/cve-2021-39226", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2023-07-29T06:15:23", "description": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \u201cpublic_mode\u201d configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \u201cpublic_mode\u201d setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-05T00:00:00", "type": "attackerkb", "title": "CVE-2021-39226", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-10-09T00:00:00", "id": "AKB:C7BC56A3-BACB-47EB-9088-23312073E652", "href": "https://attackerkb.com/topics/1rP17VcPME/cve-2021-39226", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-21T20:21:01", "description": "Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.\n\n \n**Recent assessments:** \n \n**jbaines-r7** at September 02, 2022 10:47am UTC reported:\n\nEdit: At 4:43pm EST on September 2, 2022, Director of CISA Jen Easterly responded to this entry via [tweet](<https://twitter.com/CISAJen/status/1565802511440777218?s=20&t=jGGMFllNltUdukyQ5ph7EA>). We appreciate the update and look forward to more improvements in the future.\n\n# CVE-2021-38406 Shouldn\u2019t Be on the CISA KEV List\n\nOn August 25, 2022, CISA added [CVE-2021-38406](<https://nvd.nist.gov/vuln/detail/CVE-2021-38406>) to their Known Exploited Vulnerabilities (KEV) Catalog. This was a significant addition to KEV because CVE-2021-38406 affects [Delta Industrial Automation\u2019s](<https://www.deltaww.com/en-us/products/Industrial-Automation/ALL/>) [DOPSoft](<https://filecenter.deltaww.com/Products/download/06/060302/Manual/DELTA_IA-HMI_DOPSoft_UM_EN_20211230.pdf>) software. This addition to the KEV catalog is almost certainly a mistake, which we\u2019ll discuss below in great detail. Technically, they might have included this CVE on purpose, but that would mean that CISA just low-key dropped some huge news about the next Stuxnet, which is unlikely to the point of unbelievability. But, you decide!\n\n\n\n## What\u2019s DOPSoft and CVE-2021-38406?\n\nDOPSoft is [HMI](<https://en.wikipedia.org/wiki/User_interface>) programming software. An attacker that exploits DOPSoft can potentially find themselves on an [engineering workstation](<https://collaborate.mitre.org/attackics/index.php/Engineering_Workstation>) within the ICS network _and_ with specialized programming access to local HMI. That\u2019s a very critical and dangerous place for any attacker to be.\n\nCVE-2021-38406 reportedly affects DOPSoft\u2019s parsing of project files. That\u2019s notable because, despite vulnerabilities affecting all sorts of ICS project files, there have been very few publicly disclosed examples of [project file infections](<https://attack.mitre.org/techniques/T0873/>) used in the wild. The only examples we\u2019re aware of are [Stuxnet](<https://www.wired.com/images_blogs/threatlevel/2011/02/Symantec-Stuxnet-Update-Feb-2011.pdf>) (Step7 project files) and [AutoCAD/AutoLISP project file](<https://ics-cert.kaspersky.com/media/Kaspersky-ICS-engineering-and-integration-sector-2020-En.pdf>) malware. With this KEV entry, CISA has disclosed a unique and ICS-specific attack being exploited in the wild.\n\nOf course, that\u2019s if you only look at the surface level information that CISA provides. The reality is that this CVE doesn\u2019t affect DOPSoft project files, and there is evidence that suggests the CVE was added to the catalog in error. Let\u2019s dive deeper.\n\n## The CVE Description is Bad\n\nCISA includes the CVE\u2019s description in their KEV entry. The description for CVE-2021-38406 follows:\n\n> Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.\n\nICS-CERT is the credited CNA and therefore the likely culprit for this misleading description. The vulnerability was actually discovered by the prolific vulnerability researcher, kimiya, and disclosed through the [Zero Day Initiative](<https://www.zerodayinitiative.com/>) (ZDI). The vulnerability description provided by ZDI for [CVE-2021-38406](<https://www.zerodayinitiative.com/advisories/ZDI-21-952/>) is much more specific.\n\n> This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n> \n> The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n\nHere we can see that ZDI says the vulnerability affects `xls` files. Notably, `xls` files _are not_ DOPSoft project files. `xls` is a Microsoft Excel format. Use of the [Microsoft XLS file format](<https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-xls/cd03cb5f-ca02-4934-a391-bb674cb8aa06>) is only associated with one feature of DOPSoft, and that\u2019s multi-language support. The software can support multiple language texts on any given widget. For example, this DOPSoft screenshot shows a text block that can present as \u201chello world!\u201d in English, Spanish, or German.\n\n\n\nDOPSoft allows the programmer to export the multi-language data as an `xls` file, presumably, so language specialists can review/edit the content, and then the programmer can import updated versions of the text. This is all done through the `Edit` drop-down menu when a project is already loaded.\n\n\n\nWhen the data is exported, it looks exactly how you\u2019d expect:\n\n\n\nAccording to ZDI, the vulnerability is exploitable when a new multi-language `xls` is imported. Which means, getting back to the topic at hand, DOPSoft project files are not affected as ICS-CERT indicated. The `xls` file is **not** a project file (e.g. it doesn\u2019t control logic on an HMI, nor can it be used to launch DOPSoft). DOPSoft project files use the `dps`, `dpb`, or `dop` extension.\n\nThe only way the `xls` could be considered a project file is if the `Import Multi-Language Text` functionality embedded the `xls` in a DOPSoft project file. That would be a little strange, but not inconceivable (it\u2019s ICS software after all). So we decided to pull apart the DOPSoft project file format in order to find an embedded `xls`.\n\n## File Format Exploration\n\nIt\u2019s important to know if the `xls` is contained within DOPSoft project files, not just to nit-pick ICS-CERT, but to determine how many clicks are required to exploit a victim. The affected software is end-of-life and hasn\u2019t been patched for CVE-2021-38406, so understanding the full attack is important when discussing remediation guidance. If the `xls` file is contained within a project file then double clicking on the project will trigger the `xls` parsing and exploit the victim. If the `xls` is only parsed during `Import Multi-Language Text` then an attacker has to get a victim to launch DOPSoft, load a project, and then import the malicious `xls`. Both scenarios are obviously doable, but the second is more involved (and therefore less likely).\n\nThe DOPSoft `dps` project file is split into two parts. By default, the first part is essentially empty (a bitmap filled with `0xfc`). The second part contains gzip compressed data.\n\n\n\nThe compressed data explodes into a large binary blob of unknown format with a short ASCII preamble (\u201cDelta-HMI Screen Editor DOP V1010\u201d).\n\n\n\nWe spent some time in `windbg` figuring out what this unknown format is. Turns out, the file is xor encoded after the first 42 bytes. So we trim the project file:\n \n \n tail -c +42 B8B6 > B8B6.xor\n \n\nAnd run the following Python script to deobfuscate it:\n \n \n f = open('B8B6.xor', \"rb\")\n g = open('B8B6.deobfs', \"w\")\n \n try:\n while True:\n byte = f.read(1)\n if byte == '' or len(byte) == 0:\n break\n xbyte = chr(ord(byte) ^ 0x64)\n g.write(xbyte)\n finally:\n f.close()\n \n g.close()\n \n\nAnd the result is a very large `ini` file.\n \n \n [Application]\n Version=4.00.07.04\n DefaultScreen=1\n DefaultMemFmt=2\n PanelSeries=DOP-B series\n PanelName=DOP-B10E615 65536 Colors\n PanelRotate=0\n ModelName=-1106222768\n WarpText=1\n ShowAfterReadDataFlag=0\n StopUpload=0\n SpeedupPageChange=0\n StartupDelayTime=0\n Name=HMI\n OptimizeType=2\n CommInt=0\n IntRetry=3\n ControllerSection0=Delta\n ControllerName0=Delta DVP PLC\n HMIStationNr0=0\n DefPLCStationNr0=1\n CommName0=Link2\n PortNr0=2\n Interface0=0\n databits0=7\n stopbits0=1\n baud0=9600\n \u2026 truncated \u2026\n \n\nMost importantly, we find that the ini file contains **no** `xls` data. Instead, the multi-language data is represented as normal ini entries. Below you can see our three `hello worlds!`:\n \n \n [State]\n Value=0\n FgColor=16579836\n BgColor=11842740\n FontColor=0\n FontSize0=12\n FontRatio0=100\n FontName0=Arial\n wTextLen0=26\n h\\00e\\00l\\00l\\00o\\00 \\00w\\00o\\00r\\00l\\00d\\00!\\00\\00\\00\n FontSize1=12\n FontRatio1=100\n FontName1=Arial Greek\n wTextLen1=24\n h\\00o\\00l\\00a\\00 \\00m\\00u\\00\\00\\00\\00\\00o\\00!\\00\\00\\00\n FontSize2=12\n FontRatio2=100\n FontName2=Calibri\n wTextLen2=24\n h\\00a\\00l\\00l\\00o\\00 \\00w\\00e\\00l\\00t\\00!\\00\\00\\00\n FontAlign=33\n FontBold=0\n FontItalic=0\n \n\nWhich means, we don\u2019t think ICS-CERT\u2019s description is correct. The project file does not contain an `xls` file, so it will never trigger CVE-2021-38406. An attacker is required to trick the victim into loading the malicious `xls` via the `Import Multi-Language Text` feature. Users should be able to continue safely using DOPSoft affected by CVE-2021-38406, as long as they avoid using the multi-language import feature.\n\n## Ok. Fine. But Was It Exploited in the Wild?!\n\nExploitation might be complicated in a real world scenario. But it\u2019s still doable. The conditions are actually ideal.\n\n\n\nThe question, \u201cDoes CVE-2021-38406 belong in the KEV catalog?\u201d remains relevant even if the CVE description is bad.\n\nCISA calls the KEV catalog _the authoritative source of vulnerabilities that have been exploited in the wild_. However, CISA never provides any justification for the items they add, or don\u2019t add, to the catalog. Entries are simply added and that\u2019s that. But anyone that has been involved with the entry adding process knows that CISA largely relies on open source reporting from the security industry in order to populate the catalog. They\u2019ve chosen to never credit or even cite their sources, opting instead to represent the work as their own, for reasons we won\u2019t speculate on here.\n\nRegardless, the lack of citation/proof makes challenging any entry on the list almost impossible. Each KEV entry requires action by federal civilian executive branch agencies due to the [Binding Operation Directive 22-01](<https://www.cisa.gov/binding-operational-directive-22-01>). Each erroneous entry wastes time, resources, and taxpayer money, not just in the federal space but the myriad security companies that have been, more or less, forced to support the KEV catalog in their products. Not to mention the potential reputational harm an incorrect entry might cause. The fact that CISA provides no evidence and provides no obvious avenues for dissent is problematic.\n\nWhich brings us back to the subject at hand. CVE-2021-38406 was added to the KEV catalog along with 9 other vulnerabilities on August 25, 2022. Three of the newly added vulnerabilities, CVE-2022-22963 (Spring Cloud), CVE-2022-24112 (Apache APISIX), and CVE-2021-39226 (Grafana), were included in an August 19, 2022 article by Unit 42 called, _[Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More](<https://unit42.paloaltonetworks.com/recent-exploits-network-security-trends/>)_. The article details exploits seen in the wild. Additionally, Unit 42 **accidentally** tagged the article with the DOPSoft CVE, CVE-2021-38406.\n\n\n\nWe know this inclusion was accidental because Unit 42 does not discuss the vulnerability, even in passing, at any point in the article. Also, their data collection method, pictured below, would not be able to detect exploitation of CVE-2021-38406 because it\u2019s a local exploit requiring (fairly significant) user interaction.\n\n\n\nThe IPS _might_ see a malformed `xls` file over network traffic, but that isn\u2019t quite the same as seeing an actual exploitation attempt.\n\nAnd, finally, we know CVE-2021-38406 was accidentally tagged in that article because we were told so:\n\n\n\n## Conclusion\n\nThere is no other open source information indicating that CVE-2021-38406 has been exploited in the wild. Could it be that CISA knows this vulnerability, which requires significant user interaction to exploit niche ICS software, was exploited in the wild? Or is it more likely that CISA was lifting CVEs from Unit 42\u2019s blog and erroneously included CVE-2021-38406 because it was mistakenly included in the article?\n\nFinally, this research demonstrates that we clearly need _some_ kind of mechanism to challenge weird-looking updates to the KEV list to avoid burning a lot of time, effort, money, and heartache on chasing vulnerabilities that many, many people _must_ chase because they\u2019re subject to [BOD-22-1](<https://www.cisa.gov/binding-operational-directive-22-01>).\n\n_edit: Title changed as per request at 4:22pm EST on Sept. 2, 2022_\n\nAssessed Attacker Value: 2 \nAssessed Attacker Value: 2Assessed Attacker Value: 1\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-09T00:00:00", "type": "attackerkb", "title": "CVE-2021-38406", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38406", "CVE-2021-39226", "CVE-2022-22963", "CVE-2022-24112"], "modified": "2021-10-05T00:00:00", "id": "AKB:2B7B662B-EDD1-4BFA-978A-6AE63790F8A5", "href": "https://attackerkb.com/topics/RHuGSieFJe/cve-2021-38406", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2021-10-13T18:49:08", "description": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nSecurity Fix(es):\n\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2021-10-12T10:35:50", "type": "almalinux", "title": "Important: grafana security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-39226"], "modified": "2021-10-13T14:16:25", "id": "ALSA-2021:3771", "href": "https://errata.almalinux.org/8/ALSA-2021-3771.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rocky": [{"lastseen": "2023-07-24T17:26:49", "description": "An update is available for grafana.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nGrafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nSecurity Fix(es):\n\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-12T10:35:50", "type": "rocky", "title": "grafana security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-10-12T10:35:50", "id": "RLSA-2021:3771", "href": "https://errata.rockylinux.org/RLSA-2021:3771", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2023-02-08T16:42:31", "description": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects. ([CVE-2021-39226](<https://vulners.com/cve/CVE-2021-39226>))\n\nImpact\n\nThis vulnerability enables exposure of all snapshot data while resulting in complete snapshot data loss.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-26T20:23:00", "type": "f5", "title": "Grafana vulnerability CVE-2021-39226", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-11-11T18:54:00", "id": "F5:K22322802", "href": "https://support.f5.com/csp/article/K22322802", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-05-23T16:23:44", "description": "\n\nGrafana Labs reports:\n\nUnauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths:\n\n/dashboard/snapshot/:key, or\n/api/snapshots/:key\n\nIf the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path:\n\n/api/snapshots-delete/:deleteKey\n\nRegardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths:\n\n/api/snapshots/:key, or\n/api/snapshots-delete/:deleteKey\n\nThe combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-09-15T00:00:00", "type": "freebsd", "title": "Grafana -- Snapshot authentication bypass", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-09-15T00:00:00", "id": "757EE63B-269A-11EC-A616-6C3BE5272ACD", "href": "https://vuxml.freebsd.org/freebsd/757ee63b-269a-11ec-a616-6c3be5272acd.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-05-24T13:25:35", "description": "Grafana is an open source data visualization platform. In affected versions\nunauthenticated and authenticated users are able to view the snapshot with\nthe lowest database key by accessing the literal paths:\n/dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot\n\"public_mode\" configuration setting is set to true (vs default of false),\nunauthenticated users are able to delete the snapshot with the lowest\ndatabase key by accessing the literal path:\n/api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\"\nsetting, authenticated users are able to delete the snapshot with the\nlowest database key by accessing the literal paths: /api/snapshots/:key, or\n/api/snapshots-delete/:deleteKey. The combination of deletion and viewing\nenables a complete walk through all snapshot data while resulting in\ncomplete snapshot data loss. This issue has been resolved in versions 8.1.6\nand 7.5.11. If for some reason you cannot upgrade you can use a reverse\nproxy or similar to block access to the literal paths: /api/snapshots/:key,\n/api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and\n/api/snapshots/:key. They have no normal function and can be disabled\nwithout side effects.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | I'm guessing https://github.com/grafana/grafana/commit/329f96db1a507378a5d8ba0de685a0f0ae3ce0e0 is the fix, though nothing in the commit says that it is. Double-check.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-05T00:00:00", "type": "ubuntucve", "title": "CVE-2021-39226", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-10-05T00:00:00", "id": "UB:CVE-2021-39226", "href": "https://ubuntu.com/security/CVE-2021-39226", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2021-11-29T10:35:46", "description": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.4}, "published": "2021-10-05T18:15:00", "type": "alpinelinux", "title": "CVE-2021-39226", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-11-28T23:22:00", "id": "ALPINE:CVE-2021-39226", "href": "https://security.alpinelinux.org/vuln/CVE-2021-39226", "cvss": {}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:30:18", "description": "An information disclosure vulnerability exists in Grafana Snapshot Feature. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.4}, "published": "2021-12-22T00:00:00", "type": "checkpoint_advisories", "title": "Grafana Snapshot Feature Information Disclosure (CVE-2021-39226)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-12-22T00:00:00", "id": "CPAI-2021-0930", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2022-07-12T18:39:46", "description": "[7.3.6-3]\n- resolve CVE-2021-39226\n- resolve CVE-2021-27358", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-12T00:00:00", "type": "oraclelinux", "title": "grafana security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-10-12T00:00:00", "id": "ELSA-2021-3771", "href": "http://linux.oracle.com/errata/ELSA-2021-3771.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T06:59:04", "description": "github.com/grafana/grafana is vulnerable to authentication bypass. The library does not properly restrict access to literal paths, allowing unauthenticated users to modify data. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-06T02:50:53", "type": "veracode", "title": "Authentication Bypass", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-11-29T02:10:13", "id": "VERACODE:32391", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-32391/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-08-16T07:01:39", "description": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2021-10-05T18:15:00", "type": "prion", "title": " Snapshot authentication bypass in grafana", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-11-28T23:22:00", "id": "PRION:CVE-2021-39226", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-39226", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-05-11T21:32:51", "description": "Today we are releasing Grafana 7.5.11, and 8.1.6. These patch releases include an important security fix for an issue that affects all Grafana versions from 2.0.1.\n\n[Grafana Cloud](https://grafana.com/cloud) instances have already been patched and an audit did not find any usage of this attack vector. [Grafana Enterprise](https://grafana.com/products/enterprise) customers were provided with updated binaries under embargo.\n\n8.1.5 contained a single fix for bar chart panels. We believe that users can expedite deployment by moving from 8.1.4 to 8.1.6 directly.\n\n## CVE-2021-39226 Snapshot authentication bypass\n\n### Summary\n\nCVSS Score: 9.8 Critical\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\nWe received a security report to [security@grafana.com](mailto:security@grafana.com) on 2021-09-15 about a vulnerability in Grafana regarding the snapshot feature. It was later identified as affecting Grafana versions from 2.0.1 to 8.1.6. [CVE-2021-39226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39226) has been assigned to this vulnerability.\n\n### Impact\nUnauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths:\n\n* `/dashboard/snapshot/:key`, or\n* `/api/snapshots/:key`\n\nIf the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path:\n\n* `/api/snapshots-delete/:deleteKey`\n\nRegardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths:\n\n* `/api/snapshots/:key`, or\n* `/api/snapshots-delete/:deleteKey`\n\nThe combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss.\n\n### Attack audit\n\nWhile we can not guarantee that the below will identify all attacks, if you do find something with the below, you should consider doing a full assessment.\n\n#### Through reverse proxy/load balancer logs\n\nTo determine if your Grafana installation has been exploited for this vulnerability, search through your reverse proxy/load balancer access logs for instances where the path is `/dashboard/snapshot/:key`, `/api/snapshots/:key` or `/api/snapshots-delete/:deleteKey`, and the response status code was 200 (OK).\nFor example, if you\u2019re using the Kubernetes ingress-nginx controller and sending logs to Loki, use a LogQL query like `{job=\"nginx-ingress-controller\"} |= \"\\\"status\\\": 200\" |= \"\\\"uri\\\": \\\"/api/snapshots/:key\\\"\"`.\n\n#### Through the Grafana Enterprise audit feature\n\nIf you enabled \u201cLog web requests\u201d in your configuration with `router_logging = true`, look for\n`\"requestUri\":\"/api/snapshots-delete/\u201d`,`\u201crequestUri\":\"/api/snapshots/:key\"`, or `\"type\":\"snapshot\"` in combination with `\"action\":\"delete\"`.\n\n### Patched versions\n\nRelease 8.1.6: \n\n- [Download Grafana 8.1.6](https://grafana.com/grafana/download/8.1.6)\n- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6/)\n\nRelease 7.5.11: \n\n- [Download Grafana 7.5.11](https://grafana.com/grafana/download/7.5.11)\n- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-11/)\n\n### Solutions and mitigations\n\nDownload and install the appropriate patch for your version of Grafana.\n\n[Grafana Cloud](https://grafana.com/cloud) instances have already been patched, and [Grafana Enterprise](https://grafana.com/products/enterprise) customers were provided with updated binaries under embargo.\n\n### Workaround\n\nIf for some reason you cannot upgrade:\n\nYou can use a reverse proxy or similar to block access to the literal paths\n* `/api/snapshots/:key`\n* `/api/snapshots-delete/:deleteKey`\n* `/dashboard/snapshot/:key`\n* `/api/snapshots/:key`\n\nThey have no normal function and can be disabled without side effects.\n\n### Timeline and postmortem\n\nHere is a detailed timeline starting from when we originally learned of the issue. All times in UTC.\n\n* 2021-09-15 14:49: Tuan Tran theblackturtle0901@gmail.com sends initial report about viewing snapshots without authentication\n* 2021-09-15 15:56: Initial reproduction\n* 2021-09-15 17:10: MEDIUM severity declared\n* 2021-09-15 18:58: Workaround deployed on Grafana Cloud\n* 2021-09-15 19:15: `/api/snapshots/:key` found to be vulnerable as well\n* 2021-09-15 19:30: `/api/snapshots/:key` blocked on Grafana Cloud\n* 2021-09-16 09:31: `/api/snapshots-delete/:deleteKey` found to be vulnerable as well, blocked on Grafana Cloud. From this point forward, Cloud is not affected any more.\n* 2021-09-16 09:35: HIGH severity declared\n* 2021-09-16 11:19: Realization that combination of deletion and viewing allows enumeration and permanent DoS\n* 2021-09-16 11:19: CRITICAL declared\n* 2021-09-17 10:53: Determination that no weekend work is needed. While issue is CRITICAL, scope is very limited\n* 2021-09-17 14:26: Audit of Grafana Cloud concluded, no evidence of exploitation\n* 2021-09-23: Grafana Cloud instances updated\n* 2021-09-28 12:00: Grafana Enterprise images released to customers under embargo\n* 2021-10-05 17:00: Public release\n\n## Reporting security issues\n\nIf you think you have found a security vulnerability, please send a report to [security@grafana.com](mailto:security@grafana.com). This address can be used for all of\nGrafana Labs's open source and commercial products (including but not limited to Grafana, Tempo, Loki, Amixr, k6, Tanka, and Grafana Cloud, Grafana Enterprise, and grafana.com). We only accept vulnerability reports at this address. We would prefer that you encrypt your message to us using our PGP key. The key fingerprint is:\n\nF988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA\n\nThe key is available from [keys.gnupg.net](http://keys.gnupg.net/pks/lookup?op=get&fingerprint=on&search=0xD1258932BE24C5CA) by searching for [security@grafana](http://keys.gnupg.net/pks/lookup?search=security@grafana&fingerprint=on&op=index.\n\n## Security announcements\n\nWe maintain a category on the community site named [Security Announcements](https://community.grafana.com/c/security-announcements),\nwhere we will post a summary, remediation, and mitigation details for any patch containing security fixes. You can also subscribe to email updates to this category if you have a grafana.com account and sign in to the community site, or via updates from our [Security Announcements RSS feed](https://community.grafana.com/c/security-announcements.rss).\n\n## Acknowledgement\n\nWe would like to thank [Tran Viet Tuan](https://github.com/theblackturtle) for responsibly disclosing the initially discovered vulnerability to us.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.4}, "published": "2021-10-05T20:24:02", "type": "osv", "title": "Authentication bypass for viewing and deletions of snapshots", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2021-11-18T15:13:27", "id": "OSV:GHSA-69J6-29VR-P3J9", "href": "https://osv.dev/vulnerability/GHSA-69j6-29vr-p3j9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2023-07-21T17:22:44", "description": "Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2022-08-25T00:00:00", "type": "cisa_kev", "title": "Grafana Authentication Bypass Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226"], "modified": "2022-08-25T00:00:00", "id": "CISA-KEV-CVE-2021-39226", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-08T06:10:02", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for grafana fixes the following issues:\n\n - CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454)\n - CVE-2021-43813: Fixed markdown path traversal (bsc#1193688)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-140=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2022-01-20T00:00:00", "type": "suse", "title": "Security update for grafana (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226", "CVE-2021-43813"], "modified": "2022-01-20T00:00:00", "id": "OPENSUSE-SU-2022:0140-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZUS4G6GRHNJN7AR53SGJABSHRZM3XMOY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T17:58:07", "description": "An update that fixes 12 vulnerabilities, contains three\n features is now available.\n\nDescription:\n\n\n This update fixes the following issues:\n\n grafana:\n\n - Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439,\n jsc#SLE-23422)\n + Security:\n * Fixes XSS vulnerability in handling data sources (bsc#1195726,\n CVE-2022-21702)\n * Fixes cross-origin request forgery vulnerability (bsc#1195727,\n CVE-2022-21703)\n * Fixes Insecure Direct Object Reference vulnerability in Teams API\n (bsc#1195728, CVE-2022-21713)\n - Update to Go 1.17.\n - Add build-time dependency on `wire`.\n - Update license to GNU Affero General Public License v3.0.\n - Update to version 8.3.4\n * GetUserInfo: return an error if no user was found (bsc#1194873,\n CVE-2022-21673)\n + Features and enhancements:\n * Alerting: Allow configuration of non-ready alertmanagers.\n * Alerting: Allow customization of Google chat message.\n * AppPlugins: Support app plugins with only default nav.\n * InfluxDB: query editor: skip fields in metadata queries.\n * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels\n query in grafana.\n * Prometheus: Forward oauth tokens after prometheus datasource\n migration.\n + Bug fixes:\n * Azure Monitor: Bug fix for variable interpolations in metrics\n dropdowns.\n * Azure Monitor: Improved error messages for variable queries.\n * CloudMonitoring: Fixes broken variable queries that use group bys.\n * Configuration: You can now see your expired API keys if you have no\n active ones.\n * Elasticsearch: Fix handling multiple datalinks for a single field.\n * Export: Fix error being thrown when exporting dashboards using query\n variables that reference the default datasource.\n * ImportDashboard: Fixes issue with importing dashboard and name\n ending up in uid.\n * Login: Page no longer overflows on mobile.\n * Plugins: Set backend metadata property for core plugins.\n * Prometheus: Fill missing steps with null values.\n * Prometheus: Fix interpolation of $__rate_interval variable.\n * Prometheus: Interpolate variables with curly brackets syntax.\n * Prometheus: Respect the http-method data source setting.\n * Table: Fixes issue with field config applied to wrong fields when\n hiding columns.\n * Toolkit: Fix bug with rootUrls not being properly parsed when\n signing a private plugin.\n * Variables: Fix so data source variables are added to adhoc\n configuration.\n + Plugin development fixes & changes:\n * Toolkit: Revert build config so tslib is bundled with plugins to\n prevent plugins from crashing.\n - Update to version 8.3.3:\n * BarChart: Use new data error view component to show actions in panel\n edit.\n * CloudMonitor: Iterate over pageToken for resources.\n * Macaron: Prevent WriteHeader invalid HTTP status code panic.\n * AnnoListPanel: Fix interpolation of variables in tags.\n * CloudWatch: Allow queries to have no dimensions specified.\n * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5\n to 8.3.0.\n * CloudWatch: Make sure MatchExact flag gets the right value.\n * Dashboards: Fix so that empty folders can be deleted from the manage\n dashboards/folders page.\n * InfluxDB: Improve handling of metadata query errors in InfluxQL.\n * Loki: Fix adding of ad hoc filters for queries with parser and\n line_format expressions.\n * Prometheus: Fix running of exemplar queries for non-histogram\n metrics.\n * Prometheus: Interpolate template variables in interval.\n * StateTimeline: Fix toolitp not showing when for frames with multiple\n fields.\n * TraceView: Fix virtualized scrolling when trace view is\n opened in right pane in Explore.\n * Variables: Fix repeating panels for on time range changed variables.\n * Variables: Fix so queryparam option works for scoped\n - Update to version 8.3.2\n + Security: Fixes CVE-2021-43813 and CVE-2021-43815.\n - Update to version 8.3.1\n + Security: Fixes CVE-2021-43798.\n - Update to version 8.3.0\n * Alerting: Prevent folders from being deleted when they contain\n alerts.\n * Alerting: Show full preview value in tooltip.\n * BarGauge: Limit title width when name is really long.\n * CloudMonitoring: Avoid to escape regexps in filters.\n * CloudWatch: Add support for AWS Metric Insights.\n * TooltipPlugin: Remove other panels' shared tooltip in edit panel.\n * Visualizations: Limit y label width to 40% of visualization width.\n * Alerting: Clear alerting rule evaluation errors after intermittent\n failures.\n * Alerting: Fix refresh on legacy Alert List panel.\n * Dashboard: Fix queries for panels with non-integer widths.\n * Explore: Fix url update inconsistency.\n * Prometheus: Fix range variables interpolation for time ranges\n smaller than 1 second.\n * ValueMappings: Fixes issue with regex value mapping that only sets\n color.\n - Update to version 8.3.0-beta2\n + Breaking changes:\n * Grafana 8 Alerting enabled by default for installations that do not\n use legacy alerting.\n * Keep Last State for \"If execution error or timeout\" when upgrading\n to Grafana 8 alerting.\n * Alerting: Create DatasourceError alert if evaluation returns error.\n * Alerting: Make Unified Alerting enabled by default for those who do\n not use legacy alerting.\n * Alerting: Support mute timings configuration through the api for the\n embedded alert manager.\n * CloudWatch: Add missing AWS/Events metrics.\n * Docs: Add easier to find deprecation notices to certain data sources\n and to the changelog.\n * Plugins Catalog: Enable install controls based on the\n pluginAdminEnabled flag.\n * Table: Add space between values for the DefaultCell and JSONViewCell.\n * Tracing: Make query editors available in dashboard for Tempo and\n Zipkin.\n * AccessControl: Renamed orgs roles, removed fixed:orgs:reader\n introduced in beta1.\n * Azure Monitor: Add trap focus for modals in grafana/ui and\n other small a11y fixes for Azure Monitor.\n * CodeEditor: Prevent suggestions from being clipped.\n * Dashboard: Fix cache timeout persistence.\n * Datasource: Fix stable sort order of query responses.\n * Explore: Fix error in query history when removing last item.\n * Logs: Fix requesting of older logs when flipped order.\n * Prometheus: Fix running of health check query based on access mode.\n * TextPanel: Fix suggestions for existing panels.\n * Tracing: Fix incorrect indentations due to reoccurring spanIDs.\n * Tracing: Show start time of trace with milliseconds precision.\n * Variables: Make renamed or missing variable section expandable.\n * Select: Select menus now properly scroll during keyboard navigation.\n - Update to version 8.3.0-beta1\n * Alerting: Add UI for contact point testing with custom annotations\n and labels.\n * Alerting: Make alert state indicator in panel header work with\n Grafana 8 alerts.\n * Alerting: Option for Discord notifier to use webhook name.\n * Annotations: Deprecate AnnotationsSrv.\n * Auth: Omit all base64 paddings in JWT tokens for the JWT auth.\n * Azure Monitor: Clean up fields when editing Metrics.\n * AzureMonitor: Add new starter dashboards.\n * AzureMonitor: Add starter dashboard for app monitoring with\n Application Insights.\n * Barchart/Time series: Allow x axis label.\n * CLI: Improve error handling for installing plugins.\n * CloudMonitoring: Migrate to use backend plugin SDK contracts.\n * CloudWatch Logs: Add retry strategy for hitting max concurrent\n queries.\n * CloudWatch: Add AWS RoboMaker metrics and dimension.\n * CloudWatch: Add AWS Transfer metrics and dimension.\n * Dashboard: replace datasource name with a reference object.\n * Dashboards: Show logs on time series when hovering.\n * Elasticsearch: Add support for Elasticsearch 8.0 (Beta).\n * Elasticsearch: Add time zone setting to Date Histogram aggregation.\n * Elasticsearch: Enable full range log volume histogram.\n * Elasticsearch: Full range logs volume.\n * Explore: Allow changing the graph type.\n * Explore: Show ANSI colors when highlighting matched words in the\n logs panel.\n * Graph(old) panel: Listen to events from Time series panel.\n * Import: Load gcom dashboards from URL.\n * LibraryPanels: Improves export and import of library panels between\n orgs.\n * OAuth: Support PKCE.\n * Panel edit: Overrides now highlight correctly when searching.\n * PanelEdit: Display drag indicators on draggable sections.\n * Plugins: Refactor Plugin Management.\n * Prometheus: Add custom query parameters when creating PromLink url.\n * Prometheus: Remove limits on metrics, labels, and values in Metrics\n Browser.\n * StateTimeline: Share cursor with rest of the panels.\n * Tempo: Add error details when json upload fails.\n * Tempo: Add filtering for service graph query.\n * Tempo: Add links to nodes in Service Graph pointing to Prometheus\n metrics.\n * Time series/Bar chart panel: Add ability to sort series via legend.\n * TimeSeries: Allow multiple axes for the same unit.\n * TraceView: Allow span links defined on dataFrame.\n * Transformations: Support a rows mode in labels to fields.\n * ValueMappings: Don't apply field config defaults to time fields.\n * Variables: Only update panels that are impacted by variable change.\n * API: Fix dashboard quota limit for imports.\n * Alerting: Fix rule editor issues with Azure Monitor data source.\n * Azure monitor: Make sure alert rule editor is not enabled when\n template variables are being used.\n * CloudMonitoring: Fix annotation queries.\n * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor.\n * Dashboard: Remove the current panel from the list of options in the\n Dashboard datasource.\n * Encryption: Fix decrypting secrets in alerting migration.\n * InfluxDB: Fix corner case where index is too large in ALIAS\n * NavBar: Order App plugins alphabetically.\n * NodeGraph: Fix zooming sensitivity on touchpads.\n * Plugins: Add OAuth pass-through logic to api/ds/query endpoint.\n * Snapshots: Fix panel inspector for snapshot data.\n * Tempo: Fix basic auth password reset on adding tag.\n * ValueMapping: Fixes issue with regex mappings.\n * grafana/ui: Enable slider marks display.\n - Update to version 8.2.7\n - Update to version 8.2.6\n * Security: Upgrade Docker base image to Alpine 3.14.3.\n * Security: Upgrade Go to 1.17.2.\n * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated\n series.\n - Update to version 8.2.5\n * Fix No Data behaviour in Legacy Alerting.\n * Alerting: Fix a bug where the metric in the evaluation string was\n not correctly populated.\n * Alerting: Fix no data behaviour in Legacy Alerting for alert rules\n using the AND operator.\n * CloudMonitoring: Ignore min and max aggregation in MQL queries.\n * Dashboards: 'Copy' is no longer added to new dashboard titles.\n * DataProxy: Fix overriding response body when response is a WebSocket\n upgrade.\n * Elasticsearch: Use field configured in query editor as field for\n date_histogram aggregations.\n * Explore: Fix running queries without a datasource property set.\n * InfluxDB: Fix numeric aliases in queries.\n * Plugins: Ensure consistent plugin settings list response.\n * Tempo: Fix validation of float durations.\n * Tracing: Correct tags for each span are shown.\n - Update to version 8.2.4\n + Security: Fixes CVE-2021-41244.\n - Update to version 8.2.3\n + Security: Fixes CVE-2021-41174.\n - Update to version 8.2.2\n * Annotations: We have improved tag search performance.\n * Application: You can now configure an error-template title.\n * AzureMonitor: We removed a restriction from the resource filter\n query.\n * Packaging: We removed the ProcSubset option in systemd. This\n option prevented Grafana from starting in LXC environments.\n * Prometheus: We removed the autocomplete limit for metrics.\n * Table: We improved the styling of the type icons to make them more\n distinct from column / field name.\n * ValueMappings: You can now use value mapping in stat, gauge, bar\n gauge, and pie chart visualizations.\n * Alerting: Fix panic when Slack's API sends unexpected response.\n * Alerting: The Create Alert button now appears on the dashboard panel\n when you are working with a default datasource.\n * Explore: We fixed the problem where the Explore log panel disappears\n when an Elasticsearch logs query returns no results.\n * Graph: You can now see annotation descriptions on hover.\n * Logs: The system now uses the JSON parser only if the line is parsed\n to an object.\n * Prometheus: We fixed the issue where the system did not reuse TCP\n connections when querying from Grafana alerting.\n * Prometheus: We fixed the problem that resulted in an error when a\n user created a query with a $__interval min step.\n * RowsToFields: We fixed the issue where the system was not properly\n interpreting number values.\n * Scale: We fixed how the system handles NaN percent when data min =\n data max.\n * Table panel: You can now create a filter that includes special\n characters.\n - Update to version 8.2.1\n * Dashboard: Fix rendering of repeating panels.\n * Datasources: Fix deletion of data source if plugin is not found.\n * Packaging: Remove systemcallfilters sections from systemd unit files.\n * Prometheus: Add Headers to HTTP client options.\n - Update to version 8.2.0\n * AWS: Updated AWS authentication documentation.\n * Alerting: Added support Alertmanager data source for upstream\n Prometheus AM implementation.\n * Alerting: Allows more characters in label names so notifications are\n sent.\n * Alerting: Get alert rules for a dashboard or a panel using\n /api/v1/rules endpoints.\n * Annotations: Improved rendering performance of event markers.\n * CloudWatch Logs: Skip caching for log queries.\n * Explore: Added an opt-in configuration for Node Graph in Jaeger,\n Zipkin, and Tempo.\n * Packaging: Add stricter systemd unit options.\n * Prometheus: Metrics browser can now handle label values with\n * CodeEditor: Ensure that we trigger the latest onSave callback\n provided to the component.\n * DashboardList/AlertList: Fix for missing All folder value.\n * Plugins: Create a mock icon component to prevent console errors.\n - Update to version 8.2.0-beta2\n * AccessControl: Document new permissions restricting data source\n access.\n * TimePicker: Add fiscal years and search to time picker.\n * Alerting: Added support for Unified Alerting with Grafana HA.\n * Alerting: Added support for tune rule evaluation using configuration\n options.\n * Alerting: Cleanups alertmanager namespace from key-value store when\n disabling Grafana 8 alerts.\n * Alerting: Remove ngalert feature toggle and introduce two new\n settings for enabling Grafana 8 alerts and disabling them for\n specific organisations.\n * CloudWatch: Introduced new math expression where it is necessary to\n specify the period field.\n * InfluxDB: Added support for $__interval and $__interval_ms in Flux\n queries for alerting.\n * InfluxDB: Flux queries can use more precise start and end timestamps\n with nanosecond-precision.\n * Plugins Catalog: Make the catalog the default way to interact with\n plugins.\n * Prometheus: Removed autocomplete limit for metrics.\n * Alerting: Fixed an issue where the edit page crashes if you tried to\n preview an alert without a condition set.\n * Alerting: Fixed rules migration to keep existing Grafana 8 alert\n rules.\n * Alerting: Fixed the silence file content generated during\n * Analytics: Fixed an issue related to interaction event propagation\n in Azure Application Insights.\n * BarGauge: Fixed an issue where the cell color was lit even though\n there was no data.\n * BarGauge: Improved handling of streaming data.\n * CloudMonitoring: Fixed INT64 label unmarshal error.\n * ConfirmModal: Fixes confirm button focus on modal open.\n * Dashboard: Add option to generate short URL for variables with\n values containing spaces.\n * Explore: No longer hides errors containing refId property.\n * Fixed an issue that produced State timeline panel tooltip error when\n data was not in sync.\n * InfluxDB: InfluxQL query editor is set to always use resultFormat.\n * Loki: Fixed creating context query for logs with parsed labels.\n * PageToolbar: Fixed alignment of titles.\n * Plugins Catalog: Update to the list of available panels after an\n install, update or uninstall.\n * TimeSeries: Fixed an issue where the shared cursor was not showing\n when hovering over in old Graph panel.\n * Variables: Fixed issues related to change of focus or refresh pages\n when pressing enter in a text box variable input.\n * Variables: Panel no longer crash when using the adhoc variable in\n data links.\n - Update to version 8.2.0-beta1\n * AccessControl: Introduce new permissions to restrict access for\n reloading provisioning configuration.\n * Alerting: Add UI to edit Cortex/Loki namespace, group names, and\n group evaluation interval.\n * Alerting: Add a Test button to test contact point.\n * Alerting: Allow creating/editing recording rules for Loki and Cortex.\n * Alerting: Metrics should have the label org instead of user.\n * Alerting: Sort notification channels by name to make them easier to\n locate.\n * Alerting: Support org level isolation of notification\n * AzureMonitor: Add data links to deep link to Azure Portal Azure\n Resource Graph.\n * AzureMonitor: Add support for annotations from Azure Monitor Metrics\n and Azure Resource Graph services.\n * AzureMonitor: Show error message when subscriptions request fails in\n ConfigEditor.\n * Chore: Update to Golang 1.16.7.\n * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs.\n * CloudWatch Logs: Disable query path using websockets (Live) feature.\n * CloudWatch/Logs: Don't group dataframes for non time series\n * Cloudwatch: Migrate queries that use multiple stats to one query per\n stat.\n * Dashboard: Keep live timeseries moving left (v2).\n * Datasources: Introduce response_limit for datasource responses.\n * Explore: Add filter by trace or span ID to trace to logs\n * Explore: Download traces as JSON in Explore Inspector.\n * Explore: Reuse Dashboard's QueryRows component.\n * Explore: Support custom display label for derived fields buttons for\n Loki datasource.\n * Grafana UI: Update monaco-related dependencies.\n * Graphite: Deprecate browser access mode.\n * InfluxDB: Improve handling of intervals in alerting.\n * InfluxDB: InfluxQL query editor: Handle unusual characters in tag\n values better.\n * Jaeger: Add ability to upload JSON file for trace data.\n * LibraryElements: Enable specifying UID for new and existing library\n elements.\n * LibraryPanels: Remove library panel icon from the panel header so\n you can no longer tell that a panel is a library panel from the\n dashboard view.\n * Logs panel: Scroll to the bottom on page refresh when sorting in\n ascending order.\n * Loki: Add fuzzy search to label browser.\n * Navigation: Implement active state for items in the Sidemenu.\n * Packaging: Update PID file location from /var/run to /run.\n * Plugins: Add Hide OAuth Forward config option.\n * Postgres/MySQL/MSSQL: Add setting to limit the maximum number\n of rows processed.\n * Prometheus: Add browser access mode deprecation warning.\n * Prometheus: Add interpolation for built-in-time variables to backend.\n * Tempo: Add ability to upload trace data in JSON format.\n * TimeSeries/XYChart: Allow grid lines visibility control in XYChart\n and TimeSeries panels.\n * Transformations: Convert field types to time string number or\n boolean.\n * Value mappings: Add regular-expression based value mapping.\n * Zipkin: Add ability to upload trace JSON.\n * Admin: Prevent user from deleting user's current/active\n organization.\n * LibraryPanels: Fix library panel getting saved in the dashboard's\n folder.\n * OAuth: Make generic teams URL and JMES path configurable.\n * QueryEditor: Fix broken copy-paste for mouse middle-click\n * Thresholds: Fix undefined color in \"Add threshold\".\n * Timeseries: Add wide-to-long, and fix multi-frame output.\n * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set\n to All.\n * Grafana UI: Fix TS error property css is missing in type.\n - Update to version 8.1.8\n - Update to version 8.1.7\n * Alerting: Fix alerts with evaluation interval more than 30 seconds\n resolving before notification.\n * Elasticsearch/Prometheus: Fix usage of proper SigV4 service\n namespace.\n - Update to version 8.1.6\n + Security: Fixes CVE-2021-39226.\n - Update to version 8.1.5\n * BarChart: Fixes panel error that happens on second refresh.\n - Update to version 8.1.4\n + Features and enhancements\n * Explore: Ensure logs volume bar colors match legend colors.\n * LDAP: Search all DNs for users.\n * Alerting: Fix notification channel migration.\n * Annotations: Fix blank panels for queries with unknown data sources.\n * BarChart: Fix stale values and x axis labels.\n * Graph: Make old graph panel thresholds work even if ngalert is\n enabled.\n * InfluxDB: Fix regex to identify / as separator.\n * LibraryPanels: Fix update issues related to library panels in rows.\n * Variables: Fix variables not updating inside a Panel when the\n preceding Row uses \"Repeat For\".\n - Update to version 8.1.3\n + Bug fixes\n * Alerting: Fix alert flapping in the internal alertmanager.\n * Alerting: Fix request handler failed to convert dataframe \"results\"\n to plugins.DataTimeSeriesSlice: input frame is not recognized as a\n time series.\n * Dashboard: Fix UIDs are not preserved when importing/creating\n dashboards thru importing .json file.\n * Dashboard: Forces panel re-render when exiting panel edit.\n * Dashboard: Prevent folder from changing when navigating to general\n settings.\n * Docker: Force use of libcrypto1.1 and libssl1.1 versions to fix\n CVE-2021-3711.\n * Elasticsearch: Fix metric names for alert queries.\n * Elasticsearch: Limit Histogram field parameter to numeric values.\n * Elasticsearch: Prevent pipeline aggregations to show up in terms\n order by options.\n * LibraryPanels: Prevent duplicate repeated panels from being created.\n * Loki: Fix ad-hoc filter in dashboard when used with parser.\n * Plugins: Track signed files + add warn log for plugin assets which\n are not signed.\n * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly.\n * Prometheus: Fix validate selector in metrics browser.\n * Security: Fix stylesheet injection vulnerability.\n * Security: Fix short URL vulnerability.\n - Update to version 8.1.2\n * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers.\n * Datasource: Change HTTP status code for failed datasource health\n check to 400.\n * Explore: Add span duration to left panel in trace viewer.\n * Plugins: Use file extension allowlist when serving plugin assets\n instead of checking for UNIX executable.\n * Profiling: Add support for binding pprof server to custom network\n interfaces.\n * Search: Make search icon keyboard navigable.\n * Template variables: Keyboard navigation improvements.\n * Tooltip: Display ms within minute time range.\n * Alerting: Fix saving LINE contact point.\n * Annotations: Fix alerting annotation coloring.\n * Annotations: Alert annotations are now visible in the correct Panel.\n * Auth: Hide SigV4 config UI and disable middleware when its config\n flag is disabled.\n * Dashboard: Prevent incorrect panel layout by comparing window width\n against theme breakpoints.\n * Explore: Fix showing of full log context.\n * PanelEdit: Fix 'Actual' size by passing the correct panel size to\n Dashboard.\n * Plugins: Fix TLS datasource settings.\n * Variables: Fix issue with empty drop downs on navigation.\n * Variables: Fix URL util converting false into true.\n * Toolkit: Fix matchMedia not found error.\n - Update to version 8.1.1\n * CloudWatch Logs: Fix crash when no region is selected.\n - Update to version 8.1.0\n * Alerting: Deduplicate receivers during migration.\n * ColorPicker: Display colors as RGBA.\n * Select: Make portalling the menu opt-in, but opt-in everywhere.\n * TimeRangePicker: Improve accessibility.\n * Annotations: Correct annotations that are displayed upon page\n refresh.\n * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6.\n * Annotations: Fix data source template variable that was not\n available for annotations.\n * AzureMonitor: Fix annotations query editor that does not load.\n * Geomap: Fix scale calculations.\n * GraphNG: Fix y-axis autosizing.\n * Live: Display stream rate and fix duplicate channels in list\n * Loki: Update labels in log browser when time range changes in\n dashboard.\n * NGAlert: Send resolve signal to alertmanager on alerting -> Normal.\n * PasswordField: Prevent a password from being displayed when you\n click the Enter button.\n * Renderer: Remove debug.log file when Grafana is stopped.\n * Security: Update dependencies to fix CVE-2021-36222.\n - Update to version 8.1.0-beta3\n * Alerting: Support label matcher syntax in alert rule list filter.\n * IconButton: Put tooltip text as aria-label.\n * Live: Experimental HA with Redis.\n * UI: FileDropzone component.\n * CloudWatch: Add AWS LookoutMetrics.\n * Docker: Fix builds by delaying go mod verify until all required\n files are copied over.\n * Exemplars: Fix disable exemplars only on the query that failed.\n * SQL: Fix SQL dataframe resampling (fill mode + time intervals).\n - Update to version 8.1.0-beta2\n * Alerting: Expand the value string in alert annotations and\n * Auth: Add Azure HTTP authentication middleware.\n * Auth: Auth: Pass user role when using the authentication proxy.\n * Gazetteer: Update countries.json file to allow for linking to\n 3-letter country codes.\n * Config: Fix Docker builds by correcting formatting in sample.ini.\n * Explore: Fix encoding of internal URLs.\n - Update to version 8.1.0-beta1\n * Alerting: Add Alertmanager notifications tab.\n * Alerting: Add button to deactivate current Alertmanager\n * Alerting: Add toggle in Loki/Prometheus data source configuration to\n opt out of alerting UI.\n * Alerting: Allow any \"evaluate for\" value >=0 in the alert rule form.\n * Alerting: Load default configuration from status endpoint, if Cortex\n Alertmanager returns empty user configuration.\n * Alerting: view to display alert rule and its underlying data.\n * Annotation panel: Release the annotation panel.\n * Annotations: Add typeahead support for tags in built-in annotations.\n * AzureMonitor: Add curated dashboards for Azure services.\n * AzureMonitor: Add support for deep links to Microsoft Azure portal\n for Metrics.\n * AzureMonitor: Remove support for different credentials for Azure\n Monitor Logs.\n * AzureMonitor: Support querying any Resource for Logs queries.\n * Elasticsearch: Add frozen indices search support.\n * Elasticsearch: Name fields after template variables values instead\n of their name.\n * Elasticsearch: add rate aggregation.\n * Email: Allow configuration of content types for email notifications.\n * Explore: Add more meta information when line limit is hit.\n * Explore: UI improvements to trace view.\n * FieldOverrides: Added support to change display name in an\n override field and have it be matched by a later rule.\n * HTTP Client: Introduce dataproxy_max_idle_connections config\n variable.\n * InfluxDB: InfluxQL: adds tags to timeseries data.\n * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy\n Alerting: Replace simplejson with a struct in webhook notification\n channel.\n * Legend: Updates display name for Last (not null) to just Last*.\n * Logs panel: Add option to show common labels.\n * Loki: Add $__range variable.\n * Loki: Add support for \"label_values(log stream selector, label)\" in\n templating.\n * Loki: Add support for ad-hoc filtering in dashboard.\n * MySQL Datasource: Add timezone parameter.\n * NodeGraph: Show gradient fields in legend.\n * PanelOptions: Don't mutate panel options/field config object when\n updating.\n * PieChart: Make pie gradient more subtle to match other charts.\n * Prometheus: Update PromQL typeahead and highlighting.\n * Prometheus: interpolate variable for step field.\n * Provisioning: Improve validation by validating across all dashboard\n providers.\n * SQL Datasources: Allow multiple string/labels columns with time\n series.\n * Select: Portal select menu to document.body.\n * Team Sync: Add group mapping to support team sync in the Generic\n OAuth provider.\n * Tooltip: Make active series more noticeable.\n * Tracing: Add support to configure trace to logs start and end time.\n * Transformations: Skip merge when there is only a single data frame.\n * ValueMapping: Added support for mapping text to color, boolean\n values, NaN and Null. Improved UI for value mapping.\n * Visualizations: Dynamically set any config (min, max, unit, color,\n thresholds) from query results.\n * live: Add support to handle origin without a value for the port when\n matching with root_url.\n * Alerting: Handle marshaling Inf values.\n * AzureMonitor: Fix macro resolution for template variables.\n * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes\n resources.\n * AzureMonitor: Request and concat subsequent resource pages.\n * Bug: Fix parse duration for day.\n * Datasources: Improve error handling for error messages.\n * Explore: Correct the functionality of shift-enter shortcut across\n all uses.\n * Explore: Show all dataFrames in data tab in Inspector.\n * GraphNG: Fix Tooltip mode 'All' for XYChart.\n * Loki: Fix highlight of logs when using filter expressions with\n backticks.\n * Modal: Force modal content to overflow with scroll.\n * Plugins: Ignore symlinked folders when verifying plugin signature.\n * Toolkit: Improve error messages when tasks fail.\n - Update to version 8.0.7\n - Update to version 8.0.6\n * Alerting: Add annotation upon alert state change.\n * Alerting: Allow space in label and annotation names.\n * InfluxDB: Improve legend labels for InfluxDB query results.\n * Alerting: Fix improper alert by changing the handling of empty\n labels.\n * CloudWatch/Logs: Reestablish Cloud Watch alert behavior.\n * Dashboard: Avoid migration breaking on fieldConfig without defaults\n field in folded panel.\n * DashboardList: Fix issue not re-fetching dashboard list after\n variable change.\n * Database: Fix incorrect format of isolation level configuration\n parameter for MySQL.\n * InfluxDB: Correct tag filtering on InfluxDB data.\n * Links: Fix links that caused a full page reload.\n * Live: Fix HTTP error when InfluxDB metrics have an incomplete\n or asymmetrical field set.\n * Postgres/MySQL/MSSQL: Change time field to \"Time\" for time series\n queries.\n * Postgres: Fix the handling of a null return value in query\n * Tempo: Show hex strings instead of uints for IDs.\n * TimeSeries: Improve tooltip positioning when tooltip\n overflows.\n * Transformations: Add 'prepare time series' transformer.\n - Update to version 8.0.5\n * Cloudwatch Logs: Send error down to client.\n * Folders: Return 409 Conflict status when folder already exists.\n * TimeSeries: Do not show series in tooltip if it's hidden in the viz.\n * AzureMonitor: Fix issue where resource group name is missing\n on the resource picker button.\n * Chore: Fix AWS auth assuming role with workspace IAM.\n * DashboardQueryRunner: Fixes unrestrained subscriptions being\n * DateFormats: Fix reading correct setting key for use_browser_locale.\n * Links: Fix links to other apps outside Grafana when under sub path.\n * Snapshots: Fix snapshot absolute time range issue.\n * Table: Fix data link color.\n * Time Series: Fix X-axis time format when tick increment is larger\n than a year.\n * Tooltip Plugin: Prevent tooltip render if field is undefined.\n - Update to version 8.0.4\n * Live: Rely on app url for origin check.\n * PieChart: Sort legend descending, update placeholder.\n * TimeSeries panel: Do not reinitialize plot when thresholds mode\n change.\n * Elasticsearch: Allow case sensitive custom options in date_histogram\n interval.\n * Elasticsearch: Restore previous field naming strategy when using\n variables.\n * Explore: Fix import of queries between SQL data sources.\n * InfluxDB: InfluxQL query editor: fix retention policy handling.\n * Loki: Send correct time range in template variable queries.\n * TimeSeries: Preserve RegExp series overrides when migrating from old\n graph panel.\n - Update to version 8.0.3\n * Alerting: Increase alertmanager_conf column if MySQL.\n * Time series/Bar chart panel: Handle infinite numbers as nulls when\n converting to plot array.\n * TimeSeries: Ensure series overrides that contain color are migrated,\n and migrate the previous fieldConfig when changing the panel type.\n * ValueMappings: Improve singlestat value mappings migration.\n * Annotations: Fix annotation line and marker colors.\n * AzureMonitor: Fix KQL template variable queries without default\n workspace.\n * CloudWatch/Logs: Fix missing response data for log queries.\n * LibraryPanels: Fix crash in library panels list when panel plugin is\n not found.\n * LogsPanel: Fix performance drop when moving logs panel in\n * Loki: Parse log levels when ANSI coloring is enabled.\n * MSSQL: Fix issue with hidden queries still being executed.\n * PanelEdit: Display the VisualizationPicker that was not displayed if\n a panel has an unknown panel plugin.\n * Plugins: Fix loading symbolically linked plugins.\n * Prometheus: Fix issue where legend name was replaced with name Value\n in stat and gauge panels.\n * State Timeline: Fix crash when hovering over panel.\n - Update to version 8.0.2\n * Datasource: Add support for max_conns_per_host in dataproxy settings.\n * Configuration: Fix changing org preferences in FireFox.\n * PieChart: Fix legend dimension limits.\n * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.\n * Variables: Hide default data source if missing from regex.\n - Update to version 8.0.1\n * Alerting/SSE: Fix \"count_non_null\" reducer validation.\n * Cloudwatch: Fix duplicated time series.\n * Cloudwatch: Fix missing defaultRegion.\n * Dashboard: Fix Dashboard init failed error on dashboards with\n old singlestat panels in collapsed rows.\n * Datasource: Fix storing timeout option as numeric.\n * Postgres/MySQL/MSSQL: Fix annotation parsing for empty\n * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned\n from query variables.\n * Postgres: Fix an error that was thrown when the annotation query did\n not return any results.\n * StatPanel: Fix an issue with the appearance of the graph when\n switching color mode.\n * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart\n panels where all values mode were showing the same name if they had\n the same value.\n * Toolkit: Resolve external fonts when Grafana is served from a sub\n path.\n - Update to version 8.0.0\n * The following endpoints were deprecated for Grafana v5.0 and support\n for them has now been removed: GET /dashboards/db/:slug GET\n /dashboard-solo/db/:slug GET /api/dashboard/db/:slug DELETE\n /api/dashboards/db/:slug\n * AzureMonitor: Require default subscription for workspaces() template\n variable query.\n * AzureMonitor: Use resource type display names in the UI.\n * Dashboard: Remove support for loading and deleting dashboard by slug.\n * InfluxDB: Deprecate direct browser access in data source.\n * VizLegend: Add a read-only property.\n * AzureMonitor: Fix Azure Resource Graph queries in Azure China.\n * Checkbox: Fix vertical layout issue with checkboxes due to fixed\n height.\n * Dashboard: Fix Table view when editing causes the panel data to not\n update.\n * Dashboard: Fix issues where unsaved-changes warning is not displayed.\n * Login: Fixes Unauthorized message showing when on login page\n or snapshot page.\n * NodeGraph: Fix sorting markers in grid view.\n * Short URL: Include orgId in generated short URLs.\n * Variables: Support raw values of boolean type.\n - Update to version 8.0.0-beta3\n * The default HTTP method for Prometheus data source is now POST.\n * API: Support folder UID in dashboards API.\n * Alerting: Add support for configuring avatar URL for the Discord\n notifier.\n * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs.\n * Azure: Expose Azure settings to external plugins.\n * AzureMonitor: Deprecate using separate credentials for Azure Monitor\n Logs.\n * AzureMonitor: Display variables in resource picker for Azure\n * AzureMonitor: Hide application insights for data sources not using\n it.\n * AzureMonitor: Support querying subscriptions and resource groups in\n Azure Monitor Logs.\n * AzureMonitor: remove requirement for default subscription.\n * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.\n * CloudWatch: Add missing AWS AppSync metrics.\n * ConfirmModal: Auto focus delete button.\n * Explore: Add caching for queries that are run from logs\n * Loki: Add formatting for annotations.\n * Loki: Bring back processed bytes as meta information.\n * NodeGraph: Display node graph collapsed by default with trace view.\n * Overrides: Include a manual override option to hide something from\n visualization.\n * PieChart: Support row data in pie charts.\n * Prometheus: Update default HTTP method to POST for existing data\n sources.\n * Time series panel: Position tooltip correctly when window is\n scrolled or resized.\n * Admin: Fix infinite loading edit on the profile page.\n * Color: Fix issues with random colors in string and date\n * Dashboard: Fix issue with title or folder change has no effect after\n exiting settings view.\n * DataLinks: Fix an issue __series.name is not working in data link.\n * Datasource: Fix dataproxy timeout should always be applied for\n outgoing data source HTTP requests.\n * Elasticsearch: Fix NewClient not passing httpClientProvider to\n client impl.\n * Explore: Fix Browser title not updated on Navigation to Explore.\n * GraphNG: Remove fieldName and hideInLegend properties from\n UPlotSeriesBuilder.\n * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD\n OAuth when no role claims exists.\n * PanelChrome: Fix issue with empty panel after adding a non data\n panel and coming back from panel edit.\n * StatPanel: Fix data link tooltip not showing for single value.\n * Table: Fix sorting for number fields.\n * Table: Have text underline for datalink, and add support for image\n datalink.\n * Transformations: Prevent FilterByValue transform from crashing panel\n edit.\n - Update to version 8.0.0-beta2\n * AppPlugins: Expose react-router to apps.\n * AzureMonitor: Add Azure Resource Graph.\n * AzureMonitor: Managed Identity configuration UI.\n * AzureMonitor: Token provider with support for Managed Identities.\n * AzureMonitor: Update Logs workspace() template variable query to\n return resource URIs.\n * BarChart: Value label sizing.\n * CloudMonitoring: Add support for preprocessing.\n * CloudWatch: Add AWS/EFS StorageBytes metric.\n * CloudWatch: Allow use of missing AWS namespaces using custom\n * Datasource: Shared HTTP client provider for core backend data\n sources and any data source using the data source proxy.\n * InfluxDB: InfluxQL: allow empty tag values in the query editor.\n * Instrumentation: Instrument incoming HTTP request with histograms by\n default.\n * Library Panels: Add name endpoint & unique name validation to\n AddLibraryPanelModal.\n * Logs panel: Support details view.\n * PieChart: Always show the calculation options dropdown in the\n * PieChart: Remove beta flag.\n * Plugins: Enforce signing for all plugins.\n * Plugins: Remove support for deprecated backend plugin protocol\n version.\n * Tempo/Jaeger: Add better display name to legend.\n * Timeline: Add time range zoom.\n * Timeline: Adds opacity & line width option.\n * Timeline: Value text alignment option.\n * ValueMappings: Add duplicate action, and disable dismiss on backdrop\n click.\n * Zipkin: Add node graph view to trace response.\n * Annotations panel: Remove subpath from dashboard links.\n * Content Security Policy: Allow all image sources by default.\n * Content Security Policy: Relax default template wrt. loading\n of scripts, due to nonces not working.\n * Datasource: Fix tracing propagation for alert execution by\n introducing HTTP client outgoing tracing middleware.\n * InfluxDB: InfluxQL always apply time interval end.\n * Library Panels: Fixes \"error while loading library panels\".\n * NewsPanel: Fixes rendering issue in Safari.\n * PanelChrome: Fix queries being issued again when scrolling in and\n out of view.\n * Plugins: Fix Azure token provider cache panic and auth param nil\n value.\n * Snapshots: Fix key and deleteKey being ignored when creating an\n external snapshot.\n * Table: Fix issue with cell border not showing with colored\n background cells.\n * Table: Makes tooltip scrollable for long JSON values.\n * TimeSeries: Fix for Connected null values threshold toggle during\n panel editing.\n * Variables: Fixes inconsistent selected states on dashboard\n * Variables: Refreshes all panels even if panel is full screen.\n * QueryField: Remove carriage return character from pasted text.\n - Update to version 8.0.0-beta1\n + License update:\n * AGPL License: Update license from Apache 2.0 to the GNU Affero\n General Public License (AGPL).\n * Removes the never refresh option for Query variables.\n * Removes the experimental Tags feature for Variables.\n + Deprecations:\n * The InfoBox & FeatureInfoBox are now deprecated please use the Alert\n component instead with severity info.\n * API: Add org users with pagination.\n * API: Return 404 when deleting nonexistent API key.\n * API: Return query results as JSON rather than base64 encoded Arrow.\n * Alerting: Allow sending notification tags to Opsgenie as extra\n properties.\n * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert.\n * Auth: Add support for JWT Authentication.\n * AzureMonitor: Add support for Microsoft.SignalRService/SignalR\n metrics.\n * AzureMonitor: Azure settings in Grafana server config.\n * AzureMonitor: Migrate Metrics query editor to React.\n * BarChart panel: enable series toggling via legend.\n * BarChart panel: Adds support for Tooltip in BarChartPanel.\n * PieChart panel: Change look of highlighted pie slices.\n * CloudMonitoring: Migrate config editor from angular to react.\n * CloudWatch: Add Amplify Console metrics and dimensions.\n * CloudWatch: Add missing Redshift metrics to CloudWatch data\n * CloudWatch: Add metrics for managed RabbitMQ service.\n * DashboardList: Enable templating on search tag input.\n * Datasource config: correctly remove single custom http header.\n * Elasticsearch: Add generic support for template variables.\n * Elasticsearch: Allow omitting field when metric supports inline\n script.\n * Elasticsearch: Allow setting a custom limit for log queries.\n * Elasticsearch: Guess field type from first non-empty value.\n * Elasticsearch: Use application/x-ndjson content type for multisearch\n requests.\n * Elasticsearch: Use semver strings to identify ES version.\n * Explore: Add logs navigation to request more logs.\n * Explore: Map Graphite queries to Loki.\n * Explore: Scroll split panes in Explore independently.\n * Explore: Wrap each panel in separate error boundary.\n * FieldDisplay: Smarter naming of stat values when visualising row\n values (all values) in stat panels.\n * Graphite: Expand metric names for variables.\n * Graphite: Handle unknown Graphite functions without breaking the\n visual editor.\n * Graphite: Show graphite functions descriptions.\n * Graphite: Support request cancellation properly (Uses new\n backendSrv.fetch Observable request API).\n * InfluxDB: Flux: Improve handling of complex response-structures.\n * InfluxDB: Support region annotations.\n * Inspector: Download logs for manual processing.\n * Jaeger: Add node graph view for trace.\n * Jaeger: Search traces.\n * Loki: Use data source settings for alerting queries.\n * NodeGraph: Exploration mode.\n * OAuth: Add support for empty scopes.\n * PanelChrome: New logic-less emotion based component with no\n dependency on PanelModel or DashboardModel.\n * PanelEdit: Adds a table view toggle to quickly view data in table\n form.\n * PanelEdit: Highlight matched words when searching options.\n * PanelEdit: UX improvements.\n * Plugins: PanelRenderer and simplified QueryRunner to be used from\n plugins.\n * Plugins: AuthType in route configuration and params interpolation.\n * Plugins: Enable plugin runtime install/uninstall capabilities.\n * Plugins: Support set body content in plugin routes.\n * Plugins: Introduce marketplace app.\n * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be\n reused in plugins.\n * Prometheus: Add custom query params for alert and exemplars\n * Prometheus: Use fuzzy string matching to autocomplete metric names\n and label.\n * Routing: Replace Angular routing with react-router.\n * Slack: Use chat.postMessage API by default.\n * Tempo: Search for Traces by querying Loki directly from Tempo.\n * Tempo: Show graph view of the trace.\n * Themes: Switch theme without reload using global shortcut.\n * TimeSeries panel: Add support for shared cursor.\n * TimeSeries panel: Do not crash the panel if there is no time series\n data in the response.\n * Variables: Do not save repeated panels, rows and scopedVars.\n * Variables: Removes experimental Tags feature.\n * Variables: Removes the never refresh option.\n * Visualizations: Unify tooltip options across visualizations.\n * Visualizations: Refactor and unify option creation between new\n visualizations.\n * Visualizations: Remove singlestat panel.\n * APIKeys: Fixes issue with adding first api key.\n * Alerting: Add checks for non supported units - disable defaulting to\n seconds.\n * Alerting: Fix issue where Slack notifications won't link to user IDs.\n * Alerting: Omit empty message in PagerDuty notifier.\n * AzureMonitor: Fix migration error from older versions of App\n Insights queries.\n * CloudWatch: Fix AWS/Connect dimensions.\n * CloudWatch: Fix broken AWS/MediaTailor dimension name.\n * Dashboards: Allow string manipulation as advanced variable format\n option.\n * DataLinks: Includes harmless extended characters like Cyrillic\n characters.\n * Drawer: Fixes title overflowing its container.\n * Explore: Fix issue when some query errors were not shown.\n * Generic OAuth: Prevent adding duplicated users.\n * Graphite: Handle invalid annotations.\n * Graphite: Fix autocomplete when tags are not available.\n * InfluxDB: Fix Cannot read property 'length' of undefined in when\n parsing response.\n * Instrumentation: Enable tracing when Jaeger host and port are\n * Instrumentation: Prefix metrics with grafana.\n * MSSQL: By default let driver choose port.\n * OAuth: Add optional strict parsing of role_attribute_path.\n * Panel: Fixes description markdown with inline code being rendered on\n newlines and full width.\n * PanelChrome: Ignore data updates & errors for non data panels.\n * Permissions: Fix inherited folder permissions can prevent new\n permissions being added to a dashboard.\n * Plugins: Remove pre-existing plugin installs when installing with\n grafana-cli.\n * Plugins: Support installing to folders with whitespace and fix\n pluginUrl trailing and leading whitespace failures.\n * Postgres/MySQL/MSSQL: Don't return connection failure details to the\n client.\n * Postgres: Fix ms precision of interval in time group macro when\n TimescaleDB is enabled.\n * Provisioning: Use dashboard checksum field as change indicator.\n * SQL: Fix so that all captured errors are returned from sql engine.\n * Shortcuts: Fixes panel shortcuts so they always work.\n * Table: Fixes so border is visible for cells with links.\n * Variables: Clear query when data source type changes.\n * Variables: Filters out builtin variables from unknown list.\n * Button: Introduce buttonStyle prop.\n * DataQueryRequest: Remove deprecated props showingGraph and\n showingTabel and exploreMode.\n * grafana/ui: Update React Hook Form to v7.\n * IconButton: Introduce variant for red and blue icon buttons.\n * Plugins: Expose the getTimeZone function to be able to get the\n current selected timeZone.\n * TagsInput: Add className to TagsInput.\n * VizLegend: Move onSeriesColorChanged to PanelContext (breaking\n change).\n - Update to version 7.5.13\n * Alerting: Fix NoDataFound for alert rules using AND operator.\n\n mgr-cfg:\n\n - Version 4.2.8-1\n * Fix the condition for preventing building python 2 subpackage for\n SLE15 (bsc#1197579)\n - Version 4.2.7-1\n * Fix installation problem for SLE15SP4 due missing python-selinux\n\n mgr-osad:\n\n - Version 4.2.8-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n mgr-push:\n\n - Version 4.2.5-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n mgr-virtualization:\n\n - Version 4.2.4-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n prometheus-postgres_exporter:\n\n - Version 0.10.0\n * Added hardening to systemd service(s) with changes to\n `prometheus-postgres_exporter.service` (bsc#1181400)\n * Package rename from golang-github-wrouesnel-postgres_exporter\n (jsc#SLE-23051)\n\n rhnlib:\n\n - Version 4.2.6-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n spacecmd:\n\n - Version 4.2.16-1\n * implement system.bootstrap (bsc#1194909)\n * Fix interactive mode for \"system_applyerrata\" and \"errata_apply\"\n (bsc#1194363)\n\n spacewalk-client-tools:\n\n - Version 4.2.18-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n - Version 4.2.17-1\n * Update translation strings\n\n spacewalk-koan:\n\n - Version 4.2.6-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n spacewalk-oscap:\n\n - Version 4.2.4-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n suseRegisterInfo:\n\n - Version 4.2.6-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-1396=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-1396=1\n\n - SUSE Manager Tools 15:\n\n zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-1396=1\n\n - SUSE Linux Enterprise Module for SUSE Manager Server 4.2:\n\n zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-1396=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-25T00:00:00", "type": "suse", "title": "Security update for SUSE Manager Client Tools (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222", "CVE-2021-3711", "CVE-2021-39226", "CVE-2021-41174", "CVE-2021-41244", "CVE-2021-43798", "CVE-2021-43813", "CVE-2021-43815", "CVE-2022-21673", "CVE-2022-21702", "CVE-2022-21703", "CVE-2022-21713"], "modified": "2022-04-25T00:00:00", "id": "SUSE-SU-2022:1396-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ESPDBLVWSZSR5FGSXSIJXGNV5FP6I3Z5/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "altlinux": [{"lastseen": "2023-03-31T16:56:45", "description": "8.1.8-alt1 built Dec. 16, 2021 Alexey Shabalin in task #291697\n\nDec. 9, 2021 Alexey Shabalin\n \n \n - 8.1.8 (Fixes: CVE-2021-43798, CVE-2021-39226)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-16T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package grafana version 8.1.8-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226", "CVE-2021-43798"], "modified": "2021-12-16T00:00:00", "id": "C5B2C7A9727684FD9FCB2E7C2A4BB349", "href": "https://packages.altlinux.org/en/p10/srpms/grafana/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-07T11:55:26", "description": "7.5.13-alt1 built Jan. 31, 2022 Alexey Shabalin in task #291700\n\nJan. 26, 2022 Alexey Shabalin\n \n \n - 7.5.13 (Fixes: CVE-2021-39226, CVE-2021-43813)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2022-01-31T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package grafana version 7.5.13-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39226", "CVE-2021-43813"], "modified": "2022-01-31T00:00:00", "id": "B828D5FB8C6F7FB129FB7CAEF9DB98EC", "href": "https://packages.altlinux.org/en/p9/srpms/grafana/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-08-30T04:02:42", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgIeK3eJtR_et6MNbj0n-dcpg6m3XLALiJRPrhIA4yGOSfgFp4GFAJFR2Q3o31-tQcQpuVnc_WCTyR9yoih4dgeHa6orUrdUWCpDX1WWtymO1klV2EcDBa4OBds15BKHAGsEW3hPAVQ_HB772TkQVTfNrqyRvm5rY4qOkI7i3UarIAnOVC8LJfIZ0F3/s728-e100/CISA.jpg>)\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its [Known Exploited Vulnerabilities (KEV) Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), including a high-severity security flaw affecting industrial automation software from Delta Electronics.\n\nThe issue, tracked as [CVE-2021-38406](<https://nvd.nist.gov/vuln/detail/CVE-2021-38406>) (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful exploitation of the flaw may lead to arbitrary code execution.\n\n\"Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution,\" CISA said in an alert.\n\nIt's worth noting that CVE-2021-38406 was originally disclosed as part of an industrial control systems (ICS) advisory [published](<https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-02>) in September 2021.\n\nHowever, there are no patches that address the vulnerability, with CISA noting that the \"impacted product is end-of-life and should be disconnected if still in use.\" Federal Civilian Executive Branch (FCEB) agencies are mandated to follow the guideline by September 15, 2022.\n\nNot much information is available about the nature of the attacks that exploit the security bug, but a recent report from Palo Alto Networks Unit 42 [pointed out](<https://unit42.paloaltonetworks.com/recent-exploits-network-security-trends/>) instances of in-the-wild attacks leveraging the flaw between February and April 2022.\n\nThe development adds weight to the notion that adversaries are getting faster at exploiting newly published vulnerabilities when they are first disclosed, leading to indiscriminate and opportunistic scanning attempts that aim to take advantage of delayed patching.\n\nThese attacks often follow a specific sequence for exploitation that involves web shells, crypto miners, botnets, and remote access trojans (RATs), followed by initial access brokers (IABs) that then pave the way for ransomware.\n\nAmong other actively exploited flaws added to the list are as follows -\n\n * [**CVE-2022-26352**](<https://nvd.nist.gov/vuln/detail/CVE-2022-26352>) \\- dotCMS Unrestricted Upload of File Vulnerability\n * [**CVE-2022-24706**](<https://nvd.nist.gov/vuln/detail/CVE-2022-24706>) \\- Apache CouchDB Insecure Default Initialization of Resource Vulnerability\n * [**CVE-2022-24112**](<https://nvd.nist.gov/vuln/detail/cve-2022-24112>) \\- Apache APISIX Authentication Bypass Vulnerability\n * [**CVE-2022-22963**](<https://nvd.nist.gov/vuln/detail/CVE-2022-22963>) \\- VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability\n * [**CVE-2022-2294**](<https://nvd.nist.gov/vuln/detail/CVE-2022-2294>) \\- WebRTC Heap Buffer Overflow Vulnerability\n * [**CVE-2021-39226**](<https://nvd.nist.gov/vuln/detail/CVE-2021-39226>) \\- Grafana Authentication Bypass Vulnerability\n * [**CVE-2020-36193**](<https://nvd.nist.gov/vuln/detail/CVE-2020-36193>) \\- PEAR Archive_Tar Improper Link Resolution Vulnerability\n * [**CVE-2020-28949**](<https://nvd.nist.gov/vuln/detail/CVE-2020-28949>) \\- PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability\n\n### iOS and macOS flaw added to the list\n\nAnother high-severity flaw added to the KEV Catalog is [**CVE-2021-31010**](<https://nvd.nist.gov/vuln/detail/CVE-2021-31010>) (CVSS score: 7.5), a deserialization issue in Apple's Core Telephony component that could be leveraged to circumvent sandbox restrictions.\n\nThe tech giant addressed the shortcoming in iOS 12.5.5, iOS 14.8, iPadOS 14.8, macOS Big Sur 11.6 (and Security Update 2021-005 Catalina), and watchOS 7.6.2 released in September 2021.\n\nWhile there were no indications that the flaw was being exploited at the time, the tech giant appears to have silently revised its advisories on May 25, 2022 to add the vulnerability and confirm that it had indeed been abused in attacks.\n\n\"Apple was aware of a report that this issue may have been actively exploited at the time of release,\" the iPhone maker noted, crediting Citizen Lab and Google Project Zero for the discovery.\n\nThe September update is also notable for [remediating](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) CVE-2021-30858 and CVE-2021-30860, both of which were [employed by NSO Group](<https://thehackernews.com/2021/08/bahraini-activists-targeted-using-new.html>), the makers of the Pegasus spyware, to get around the operating systems' security features.\n\nThis raises the possibility that CVE-2021-31010 may have been stringed together with the aforementioned two flaws in an attack chain to escape the sandbox and achieve arbitrary code execution.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-29T04:23:00", "type": "thn", "title": "CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28949", "CVE-2020-36193", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-31010", "CVE-2021-38406", "CVE-2021-39226", "CVE-2022-2294", "CVE-2022-22963", "CVE-2022-24112", "CVE-2022-24706", "CVE-2022-26352"], "modified": "2022-08-30T03:22:27", "id": "THN:5D50D5AA81EE14FA1044614364EAEBC6", "href": "https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
CVE-2021-39226
