CVE-2021-39226 — Grafana Authentication Bypass Vulnerability
2022-08-25 • CISA Known Exploited Vulnerability
[event] Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Grafana Labs |
| Product | Grafana |
| CWE | CWE-287 |
| CVE ID | CVE-2021-39226 |
| Date Added | 2022-08-25 |
| Due Date | 2022-09-15 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-09-15