CVE-2021-39226 - Grafana Authentication Bypass Vulnerability
Project:Grafana Labs
Product:Grafana
Date Added:2022-08-25Due Date:2022-09-15
Vulnerability Name
Grafana Authentication Bypass Vulnerability
Description
Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/
https://nvd.nist.gov/vuln/detail/CVE-2021-39226