Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-27358

EPSS 87.05% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-27358

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Grafana 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Grafana是Grafana实验室的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana before 7.4.1 存在安全漏洞,该漏洞允许未经身份验证的远程攻击者通过远程API调用触发拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2021-27358

#POC DescriptionSource LinkShenlong Link
1Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-27358.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-27358

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-03-18 · 45 CVEs total

CVE-2021-233597.5 HIGHArbitrary Command Injection
CVE-2019-14850Libguestfs Nbdkit 安全漏洞
CVE-2021-28791Valentin Knabel vscode-swiftformat 安全漏洞
CVE-2021-25764JetBrains PhpStorm 安全漏洞
CVE-2020-36144Redash 注入漏洞
CVE-2021-3416QEMU 安全漏洞
CVE-2021-27436研华 Advantech WebAccess/SCADA 跨站脚本漏洞
CVE-2021-26275NPM eslint-fixer 命令注入漏洞
CVE-2021-28653西部数据 Western Digital G-Technology ArmorLock NVMe SSD 安全漏洞
CVE-2020-9367ZOHO ManageEngine Desktop Central 代码问题漏洞
CVE-2020-35492cairo 缓冲区错误漏洞
CVE-2019-14852红帽 3scale 加密问题漏洞
CVE-2021-28160Amazon Wireless-N WiFi Repeater 跨站脚本漏洞
CVE-2019-3867RED HAT Quay web application 代码问题漏洞
CVE-2020-14516Rockwell Automation FactoryTalk Services Platform 安全漏洞
CVE-2021-22665Rockwell Automation DriveTools SP 和 Drives AOP 代码问题漏洞
CVE-2020-26155Utimaco SecurityServer 安全漏洞
CVE-2021-26216SeedDMS 跨站请求伪造漏洞
CVE-2021-26215SeedDMS 跨站请求伪造漏洞
CVE-2021-28145Portlandlabs Concrete5 跨站脚本漏洞

Showing top 20 of 45 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2021-27358

No comments yet

Leave a comment