FreeBSD : Grafana -- Snapshot authentication bypass (757ee63b-269a-11ec-a616-6c3be5272acd)

high Nessus Plugin ID 154658

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Grafana Labs reports:

Unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths:

- /dashboard/snapshot/:key, or

- /api/snapshots/:key

If the snapshot 'public_mode' configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path:

- /api/snapshots-delete/:deleteKey

Regardless of the snapshot 'public_mode' setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths:

- /api/snapshots/:key, or

- /api/snapshots-delete/:deleteKey

The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?caaa986c

http://www.nessus.org/u?da1286a2

Plugin Details

Severity: High

ID: 154658

File Name: freebsd_pkg_757ee63b269a11eca6166c3be5272acd.nasl

Version: 1.3

Type: local

Published: 10/28/2021

Updated: 8/29/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-39226

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:grafana, p-cpe:/a:freebsd:freebsd:grafana6, p-cpe:/a:freebsd:freebsd:grafana7, p-cpe:/a:freebsd:freebsd:grafana8, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/6/2021

Vulnerability Publication Date: 9/15/2021

CISA Known Exploited Vulnerability Due Dates: 9/15/2022

Reference Information

CVE: CVE-2021-39226