Today we are releasing Grafana 8.3.2 and 7.5.12. This patch release includes a moderate severity security fix for directory traversal for:

The vulnerabilities are limited in scope, and only allow access to files with the extension. csv vulnerability requires a developer testing tool called TestData DB data source to be enabled and configured, and this feature is not enabled by default. Thanks to our defense-in-depth approach, at no time has Grafana Cloud been vulnerable.

This is a follow-up patch to our recent CVE-2021-43798 release. If you haven't read about that high severity security fix, we recommend you review the initial blog post along with our update on the 0day. Given the attention CVE-2021-43798 has brought, there's a risk that additional researchers will find CVE-2021-43813. Out of an abundance of caution, and given that both CVE-2021-43813 and CVE-2021-43815 are only CVSS Score 4.3 Moderate (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) through their limited scope, we are immediately releasing to the public and on a Friday.

We identified several vulnerability issues in the last few weeks and at a higher rate than in the years before. The infosec industry usually comes together after a few CVEs, and we benefit from that extra scrutiny.