Cybersecurity Alerts

Grafana Authentication Bypass Vulnerability

Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-287

References

• https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/
• https://nvd.nist.gov/vuln/detail/CVE-2021-39226