All vulnerabilities
CVE-2021-39226
Grafana Authentication Bypass Vulnerability
Grafana Labs — Grafana
- Added to KEV catalog
- 25 August 2022
- Federal remediation due date
- 15 September 2022
- Weakness classification (CWE)
- CWE-287
CISA Description
Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.
Required action
Apply updates per vendor instructions.
Notes
https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/; https://nvd.nist.gov/vuln/detail/CVE-2021-39226
More Grafana Labs Vulnerabilities
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services