CVE-2021-39226: Authentication bypass for viewing and deletions of snapshots
(updated )
CVSS Score: 9.8 Critical CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
We received a security report to security@grafana.com on 2021-09-15 about a vulnerability in Grafana regarding the snapshot feature. It was later identified as affecting Grafana versions from 2.0.1 to 8.1.6. CVE-2021-39226 has been assigned to this vulnerability.
References
- github.com/advisories/GHSA-69j6-29vr-p3j9
- github.com/grafana/grafana
- github.com/grafana/grafana/commit/2d456a6375855364d098ede379438bf7f0667269
- github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9
- grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-11
- grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6ANHRDBXQT6TURLP2THM26ZPDINFBEG
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6ANHRDBXQT6TURLP2THM26ZPDINFBEG
- nvd.nist.gov/vuln/detail/CVE-2021-39226
- security.netapp.com/advisory/ntap-20211029-0008
Code Behaviors & Features
Detect and mitigate CVE-2021-39226 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →