FLAT-GS187 – Vulnerability | Fluid Attacks Database

Database

Description

authentication bypass

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/grafana/grafana	>=0 <7.5.11 \|\| >=8.0.0 <8.1.6	7.5.11, 8.1.6
rpm rhel8.2	grafana	<0:6.3.6-3.el8_2	0:6.3.6-3.el8_2
rpm rhel8.1	grafana	<0:6.2.2-7.el8_1	0:6.2.2-7.el8_1
rpm rhel8	grafana	<0:7.3.6-3.el8_4	0:7.3.6-3.el8_4
alpm rolling_release	grafana	>=8.1.5-1 <8.1.6-1	8.1.6-1

Aliases

1. CVE-2021-392262. NVD-2021-392263. OSV-2021-392264. GHSA-69j6-29vr-p3j95. GCVE-2021-39226

References

1. https://github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j92. https://github.com/grafana/grafana/commit/2d456a6375855364d098ede379438bf7f06672693. https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-114. https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-65. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT6. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6ANHRDBXQT6TURLP2THM26ZPDINFBEG7. https://lists.fedoraproject.org/archives/list/[email protected]/message/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT8. https://lists.fedoraproject.org/archives/list/[email protected]/message/E6ANHRDBXQT6TURLP2THM26ZPDINFBEG9. https://security.netapp.com/advisory/ntap-20211029-000810. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3922611. http://www.openwall.com/lists/oss-security/2021/10/05/412. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-39226.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.