CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Sep 15, 2022

CVE-2021-39226

High

EPSS 94.3%CISA KEV

Description

Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.

EPSS — Exploit Probability

94.3%

Higher than 100.0% of all CVEs

Required Action

https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/; https://nvd.nist.gov/vuln/detail/CVE-2021-39226

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 94.3%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Aug 25, 2022

Added to KEV

Aug 25, 2022

Remediation Due

Sep 15, 2022

Affected Product

Grafana Labs

Grafana

View all Grafana Labs CVEs

External Links

NVD (NIST)CVE Details MITRE CVE