Fluid Attacks Database

Description

Denial of service in Grafana The snapshot feature in Grafana before 7.4.2 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.

Specific Go Packages Affected

github.com/grafana/grafana/pkg/middleware

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/grafana/grafana	>=6.7.3 <7.4.2	7.4.2
go	github.com/grafana/grafana/pkg/middleware	>=6.7.3 <7.4.2	7.4.2
rpm rhel8	grafana	<0:7.5.9-4.el8	0:7.5.9-4.el8

Aliases

1. CVE-2021-273582. NVD-2021-273583. OSV-2021-273584. GHSA-h5rh-w6vm-9ghc5. GCVE-2021-27358

References

1. https://github.com/grafana/grafana/pull/312632. https://github.com/grafana/grafana/blob/master/CHANGELOG.md3. https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-174. https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-25. https://security.netapp.com/advisory/ntap-20210513-00076. https://vulncheck.com/cve/CVE-2021-273587. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-27358.yaml8. https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/9. https://security.netapp.com/advisory/ntap-20210513-0007/

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.