CVE-2021-27358

Name
CVE-2021-27358
Description
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| Release Notes | https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/ |
| Release Notes | https://github.com/grafana/grafana/blob/master/CHANGELOG.md |
| CONFIRM | https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17 |
| CONFIRM | https://security.netapp.com/advisory/ntap-20210513-0007/ |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* | grafana | >= None | < 7.4.1 |
| cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* | grafana | >= 6.7.3 | <= 7.4.1 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| grafana | 3.13-community | 7.3.6-r0 | Konstantin Kulikov <k.kulikov2@gmail.com> | possibly vulnerable |