FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- Snapshot authentication bypass

Affected packages
8.0.0 <= grafana < 8.1.6
2.0.1 <= grafana < 7.5.11
8.0.0 <= grafana6 < 8.1.6
2.0.1 <= grafana6 < 7.5.11
8.0.0 <= grafana7 < 8.1.6
2.0.1 <= grafana7 < 7.5.11
8.0.0 <= grafana8 < 8.1.6
2.0.1 <= grafana8 < 7.5.11

Details

VuXML ID 757ee63b-269a-11ec-a616-6c3be5272acd
Discovery 2021-09-15
Entry 2021-10-06

Grafana Labs reports:

Unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths:

If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path:

Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths:

The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss.
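The following script is an added example, not code from this advisory, from FreeBSD or from Grafana Labs. It turns the "Affected packages" ranges above and the two conditions in the report (any affected version exposes viewing and authenticated deletion; unauthenticated deletion additionally needs `public_mode = true`) into an offline assessment. Two things are assumed rather than stated on this page: that the version string comes from the JSON body of Grafana's `/api/health` endpoint, and that `public_mode` lives in the `[snapshots]` section of grafana.ini, as in Grafana's configuration reference. The health body and ini text in the block are constructed samples.

```python
"""Assess a Grafana deployment against CVE-2021-39226 from two inputs:
the version reported by /api/health and the snapshot public_mode setting.

Added example (not FreeBSD or Grafana code). The affected ranges are the
advisory's "Affected packages" list; the health JSON and grafana.ini text
below are constructed samples, not captured from a real instance.
"""
import configparser
import json
import re

# (lower inclusive, upper exclusive) pairs, copied from the advisory.
AFFECTED_RANGES = (
    ("2.0.1", "7.5.11"),
    ("8.0.0", "8.1.6"),
)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-([0-9A-Za-z.]+))?$")


def parse_version(text):
    """Turn '8.1.6', 'v7.5.9', '8.1.6-beta1' or '7.5.11_1' into a sortable tuple.

    A FreeBSD port revision suffix (_1) is dropped: it changes the package,
    not the upstream release. A pre-release suffix (-beta1) sorts *before*
    the release it precedes, as in semver, so 8.1.6-beta1 is still affected.
    """
    text = text.strip().split("_", 1)[0]
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Grafana version: {text!r}")
    major, minor, patch, pre = match.groups()
    return (int(major), int(minor), int(patch or 0), 0 if pre else 1)


def is_affected(version):
    """True if `version` falls inside any affected range."""
    key = parse_version(version)
    return any(parse_version(lo) <= key < parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def public_mode_enabled(ini_text):
    """Read snapshots.public_mode from grafana.ini text (assumed location:
    the [snapshots] section). A missing key means the default, false."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    return cfg.getboolean("snapshots", "public_mode", fallback=False)


def assess(health_json, ini_text):
    """Combine both signals into the exposure described by the advisory."""
    version = json.loads(health_json)["version"]
    affected = is_affected(version)
    public = public_mode_enabled(ini_text)
    return {
        "version": version,
        "affected": affected,
        # Any affected version: unauthenticated view, authenticated delete.
        "unauthenticated_view": affected,
        "authenticated_delete": affected,
        # Unauthenticated delete additionally needs public_mode = true.
        "unauthenticated_delete": affected and public,
    }


# Constructed samples in the shape of /api/health and grafana.ini.
SAMPLE_HEALTH = '{"commit": "0000000", "database": "ok", "version": "8.1.5"}'
SAMPLE_INI = """
[server]
http_port = 3000

[snapshots]
public_mode = true
"""

if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_HEALTH, SAMPLE_INI), indent=2))
```

Note that the ranges are half-open: 7.5.11 and 8.1.6 are the fixed releases and report as not affected, while a pre-release such as 8.1.6-beta1 still does. A version between the two ranges (7.5.12 or later 7.5.x) is also outside them, since the fix landed in 7.5.11.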

References

CVE Name CVE-2021-39226
URL https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/