CVE-2021-27358

7.5 HIGH

📋 TL;DR

This vulnerability in Grafana's snapshot feature allows unauthenticated remote attackers to trigger a Denial of Service via API calls when a commonly used configuration is enabled. It affects Grafana instances running versions 6.7.3 through 7.4.1 with the snapshot feature accessible.

💻 Affected Systems

Products:
  • Grafana
Versions: 6.7.3 through 7.4.1
Operating Systems: All platforms running affected Grafana versions
Default Config Vulnerable: ✅ No
Notes: Requires snapshot feature to be enabled and accessible. The commonly used configuration mentioned is not specified in available references but appears to be a typical deployment scenario.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service unavailability for Grafana dashboards and monitoring capabilities, disrupting business operations and visibility.

🟠

Likely Case

Temporary service degradation or downtime for Grafana, affecting dashboard access and monitoring data visualization.

🟢

If Mitigated

Minimal impact with proper network segmentation and authentication controls preventing unauthenticated access.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing instances particularly vulnerable to DoS attacks.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable, but exploitation requires the attacker to already have access to the internal network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only API access to the snapshot feature without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.4.2

Vendor Advisory: https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/

Restart Required: Yes

Instructions:

1. Back up the current Grafana configuration and data.
2. Stop the Grafana service.
3. Upgrade to Grafana 7.4.2 or later using your package manager or a download from grafana.com.
4. Restart the Grafana service.
5. Verify that the service is running and accessible.

🔧 Temporary Workarounds

Disable snapshot API access

linux

Restrict or disable access to the snapshot API endpoints to prevent exploitation.

# Drop inbound packets to the Grafana port (3000 by default) whose payload contains the snapshot API path.
# Only effective for plaintext HTTP: TLS-encrypted traffic cannot be string-matched, and the rule
# also drops any other packet that happens to carry this string.
iptables -A INPUT -p tcp --dport 3000 -m string --string "/api/snapshots" --algo bm -j DROP

Enable authentication requirements

all

Ensure all API endpoints require authentication, preventing unauthenticated access.

# In grafana.ini, turn off anonymous access so that API requests require a signed-in user:
[auth.anonymous]
enabled = false
# Keep embedding disabled in the [security] section:
[security]
allow_embedding = false

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to Grafana instances only to authorized users and systems.
  • Deploy Web Application Firewall (WAF) rules to detect and block malicious API calls to snapshot endpoints.

🔍 How to Verify

Check if Vulnerable:

Check the Grafana version with grafana-server -v. If the version is between 6.7.3 and 7.4.1 inclusive and the snapshot feature is enabled, the system is vulnerable.

Check Version:

grafana-server -v

Verify Fix Applied:

After patching, verify that the version reported by grafana-server -v is 7.4.2 or later, then confirm that snapshot functionality works normally without service disruption.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed or successful API calls to /api/snapshots endpoints from unauthenticated sources
  • Increased error rates or service restart logs

Network Indicators:

  • High volume of requests to Grafana snapshot API endpoints
  • Traffic patterns suggesting DoS attack

SIEM Query:

source="grafana.log" AND ("/api/snapshots" OR "snapshot") AND (status=200 OR status=4*) | stats count by src_ip
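As an added example (not part of this advisory or of Grafana's own tooling), the following Python script applies the log indicators above to Grafana's "Request Completed" log lines: it parses the logfmt fields, keeps requests to /api/snapshots paths that carry userId=0 (Grafana's value when no user is signed in), and flags any source address that exceeds a request threshold inside a sliding time window. It assumes router_logging = true in grafana.ini so that every request is logged; the sample lines are constructed, not captured.

```python
import re
from collections import defaultdict
from datetime import datetime

KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')  # logfmt key=value pairs

def parse_logfmt(line):
    """Parse one Grafana logfmt line into a dict (quoted values unquoted)."""
    return {k: (v[1:-1] if v.startswith('"') else v) for k, v in KV_RE.findall(line)}

def flag_snapshot_floods(lines, threshold=20, window_s=60):
    """Return {remote_addr: total hits} for sources that made more than `threshold`
    unauthenticated requests to /api/snapshots* inside any `window_s`-second window.
    Grafana logs userId=0 when no user is signed in; router_logging = true is
    assumed so that every request produces a "Request Completed" line."""
    hits = defaultdict(list)
    for line in lines:
        f = parse_logfmt(line)
        if (f.get("msg") != "Request Completed" or f.get("userId") != "0"
                or not f.get("path", "").startswith("/api/snapshots")):
            continue
        hits[f["remote_addr"]].append(datetime.strptime(f["t"], "%Y-%m-%dT%H:%M:%S%z"))
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 > threshold:
                flagged[ip] = len(times)
                break
    return flagged

# Constructed sample log (not real Grafana output): one source hammering the snapshot
# endpoint without a session, plus an authenticated request and one-off traffic.
def _line(ts, ip, path, user_id, status):
    return (f't={ts} lvl=info msg="Request Completed" logger=context userId={user_id} '
            f'orgId=1 uname= method=POST path={path} status={status} remote_addr={ip} '
            f'time_ms=12 size=0 referer=')

SAMPLE_LOG = [_line(f"2021-03-01T12:00:{i:02d}+0000", "203.0.113.7", "/api/snapshots", 0, 500)
              for i in range(25)] + [
    _line("2021-03-01T12:00:05+0000", "10.0.0.5", "/api/snapshots", 1, 200),
    _line("2021-03-01T12:00:09+0000", "198.51.100.9", "/api/snapshots/abc123", 0, 404),
    _line("2021-03-01T12:00:10+0000", "203.0.113.7", "/api/dashboards/home", 0, 200),
]

if __name__ == "__main__":
    print(flag_snapshot_floods(SAMPLE_LOG))  # {'203.0.113.7': 25}
```

Tune threshold and window_s to the normal snapshot traffic of your deployment; a single authenticated dashboard share should never come close to the default limit.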

🔗 References