what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2021-39226

Status Candidate

Overview

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.

Related Files

Red Hat Security Advisory 2022-6308-01
Posted Sep 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6308-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.49. There are no RPMs for this release. Space precludes documenting all of the container images in this advisory. Issues addressed include bypass and code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-39226, CVE-2022-0494, CVE-2022-1353, CVE-2022-2526, CVE-2022-26945, CVE-2022-29154, CVE-2022-30321, CVE-2022-30322, CVE-2022-30323, CVE-2022-30631
SHA-256 | f4ec47e45b2995e738ba4d5c413b3b051001f01fbe44c23ae6384ac45cd9c4fd
Red Hat Security Advisory 2022-6322-01
Posted Sep 14, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6322-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.59. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2021-39226, CVE-2022-0494, CVE-2022-1353, CVE-2022-2526, CVE-2022-29154
SHA-256 | b37c61fa9b0a01715103937414cdcd1f8bbc6653e67753636e2aab8aac2a3188
Red Hat Security Advisory 2022-6317-01
Posted Sep 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6317-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.48. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2021-39226, CVE-2022-0494, CVE-2022-1353, CVE-2022-2526, CVE-2022-29154
SHA-256 | 3f15efc05225b6294bf65a1ea6b228f58c09a6d5457425ee2388893c1ab723c3
Red Hat Security Advisory 2022-6262-01
Posted Sep 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6262-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.61. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2021-39226, CVE-2022-1353, CVE-2022-21540, CVE-2022-21541, CVE-2022-2526, CVE-2022-29154, CVE-2022-30631, CVE-2022-34169
SHA-256 | 72548ddc1adb7743918cfe4de6f5c9572a4cdabfee46870057e2ef7ea8b5251e
Red Hat Security Advisory 2022-6252-02
Posted Sep 7, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6252-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.784. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2020-26116, CVE-2020-26137, CVE-2021-3177, CVE-2021-39226, CVE-2021-46784, CVE-2022-1271, CVE-2022-1552, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21540, CVE-2022-21541, CVE-2022-2526, CVE-2022-29154
SHA-256 | 3579463a99c4e63010aef250904c7f9f1b1b3fbe1da0e14d8bd0f44d9140902f
Red Hat Security Advisory 2021-3771-01
Posted Oct 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3771-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2021-39226
SHA-256 | 40b2c1d43338d8f5402aab9d3170850fcf87cf04b8643d51b7a97858a50e8231
Red Hat Security Advisory 2021-3770-01
Posted Oct 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3770-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2021-39226
SHA-256 | 85148de13ec9a22e2ac3d2a41d27e94c1cd454b560e705a92e902077afc03c2f
Red Hat Security Advisory 2021-3769-01
Posted Oct 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3769-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2021-39226
SHA-256 | e9ac82897e77bf5ce3c32c94cc17c381ae2487cea44b74d0e7ecaa7971d536c9
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close