12/30/2023

Twitch data breach 2020

Grafana Authentication Bypass Vulnerability

Grafana is an open-source, multi-platform analytics platform that lets you create graphs, charts, and alerts on whatever data you give it access to. Earlier this week, Grafana released two new versions, 7.5.11 and 8.1.6, which address a critical vulnerability recently discovered in Grafana’s snapshot feature.

A dashboard snapshot is a feature in Grafana that was designed to let you share an interactive dashboard publicly. When a user creates a snapshot, sensitive data is stripped, leaving only the visible metric data and series name embedded in your dashboard. Essentially, the snapshot no longer depends on the original data, but provides a point-in-time view of a specific dashboard. These dashboard snapshots can be shared with a unique URL based on a unique key created when you take the snapshot.

The vulnerability, CVE-2021-39226, is described as an authentication bypass vulnerability as it will allow an unauthenticated user to always access the lowest database key using one of the following paths:

Additionally, if the “public_mode” configuration option is set, an unauthenticated user can delete the snapshot with the lowest database key. If “public_mode” is not set, then any authenticated user can still delete the snapshot with the lowest database key. By viewing and then deleting the snapshot with the lowest database key, a malicious user could iterate through all stored snapshots on any Grafana system, stealing the data and then deleting it. The result could be a leak of private data and possible data loss.

This vulnerability has been patched, so if you are currently running a vulnerable version, we recommend upgrading as soon as possible. Meanwhile, the CRU has developed a few IDS signatures to help detect when someone is misusing this vulnerability. If you are a Perch IDS customer, these signatures have already been applied to your sensor.