Candidate: CVE-2021-27358
PublicDate: 2021-03-18 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27358
 https://github.com/grafana/grafana/blob/master/CHANGELOG.md
 https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/
Description:
 The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an
 unauthenticated remote attackers to trigger a Denial of Service via a
 remote API call if a commonly used configuration is set.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by: Marcus Efraimsson
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_grafana:
 upstream: https://github.com/grafana/grafana/pull/31263/files
upstream_grafana: released (7.4.2)
precise/esm_grafana: DNE
trusty_grafana: ignored (out of standard support)
trusty/esm_grafana: DNE
xenial_grafana: ignored (end of standard support, was needed)
bionic_grafana: DNE
focal_grafana: DNE
groovy_grafana: DNE
hirsute_grafana: DNE
impish_grafana: DNE
jammy_grafana: DNE
devel_grafana: DNE