What is CVE-2021-27358?

CVE-2021-27358 is a vulnerability in N/a. Published 2021-03-18.

Is CVE-2021-27358 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-27358

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.

EPSS: 0.924 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
kh4sh3i/Grafana-CVE

References

github.com/grafana/grafana/blob/master/CHANGELOG.md (x_refsource_CONFIRM)
grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/ (x_refsource_CONFIRM)
github.com/grafana/grafana/blob/master/CHANGELOG.md (x_refsource_CONFIRM)
security.netapp.com/advisory/ntap-20210513-0007/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-27358?: CVE-2021-27358 is a vulnerability in N/a. Published 2021-03-18.
Is CVE-2021-27358 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.