.. / CVE-2021-39226

Exploit for Grafana Snapshot - Authentication Bypass (CVE-2021-39226)

Description:

Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default).

Nuclei Template

View the template here CVE-2021-39226.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-39226.yaml

References:

https://github.com/advisories/GHSA-69j6-29vr-p3j9
https://nvd.nist.gov/vuln/detail/CVE-2021-39226
https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6/
http://www.openwall.com/lists/oss-security/2021/10/05/4
https://github.com/grafana/grafana/commit/2d456a6375855364d098ede379438bf7f0667269

.. / CVE-2021-39226 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Grafana Snapshot - Authentication Bypass (CVE-2021-39226)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-39226