[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-39226":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":804,"aliases":814,"duplicate_of":9,"upstream":817,"downstream":818,"duplicates":849,"related":850,"reserved_at":9,"published_at":862,"modified_at":863,"state":864,"summary":865,"references_raw":874,"kevs":966,"epss":976,"epss_history":979,"metrics":1171,"affected":1190},"CVE-2021-39226","Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.",null,[11,229],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-862","Missing Authorization","The product does not perform an authorization check when an actor attempts to access a resource or perform an action.","weakness","Incomplete","Class","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-665","Exploitation of Thunderbolt Protection Flaws",[24,61,101],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1211","Exploitation for Stealth",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0005","Stealth",[35,40,44,48,53,57],{"id":36,"name":37,"tactic":38},"D3-MBT","Memory Boundary Tracking",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-PCSV","Process Code Segment Verification",{"name":39},{"id":45,"name":46,"tactic":47},"D3-SSC","Shadow Stack Comparisons",{"name":39},{"id":49,"name":50,"tactic":51},"D3-PSEP","Process Segment Execution Prevention",{"name":52},"Harden",{"id":54,"name":55,"tactic":56},"D3-SAOR","Segment Address Offset Randomization",{"name":52},{"id":58,"name":59,"tactic":60},"D3-SFCV","Stack Frame Canary Validation",{"name":52},{"id":62,"name":63,"tactics":64,"countermeasures":70},"T1542.002","Component Firmware",[65,66,67],{"id":29,"name":30},{"id":32,"name":33},{"id":68,"name":69},"TA0110","Persistence",[71,76,80,84,88,92,96],{"id":72,"name":73,"tactic":74},"D3-SWI","Software Inventory",{"name":75},"Model",{"id":77,"name":78,"tactic":79},"D3-AVE","Asset Vulnerability Enumeration",{"name":75},{"id":81,"name":82,"tactic":83},"D3-FEMC","Firmware Embedded Monitoring Code",{"name":39},{"id":85,"name":86,"tactic":87},"D3-FV","Firmware Verification",{"name":39},{"id":89,"name":90,"tactic":91},"D3-FBA","Firmware Behavior Analysis",{"name":39},{"id":93,"name":94,"tactic":95},"D3-SU","Software Update",{"name":52},{"id":97,"name":98,"tactic":99},"D3-RS","Restore Software",{"name":100},"Restore",{"id":102,"name":103,"tactics":104,"countermeasures":113},"T1556","Modify Authentication Process",[105,106,109,110],{"id":29,"name":30},{"id":107,"name":108},"TA0112","Defense Impairment",{"id":68,"name":69},{"id":111,"name":112},"TA0031","Credential Access",[114,118,122,126,130,134,138,142,146,150,155,159,163,167,171,176,180,184,188,193,197,201,205,209,213,217,221,225],{"id":115,"name":116,"tactic":117},"D3-CI","Configuration Inventory",{"name":75},{"id":119,"name":120,"tactic":121},"D3-NTPM","Network Traffic Policy Mapping",{"name":75},{"id":123,"name":124,"tactic":125},"D3-AM","Access Modeling",{"name":75},{"id":127,"name":128,"tactic":129},"D3-FA","File Analysis",{"name":39},{"id":131,"name":132,"tactic":133},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":135,"name":136,"tactic":137},"D3-PLA","Process Lineage Analysis",{"name":39},{"id":139,"name":140,"tactic":141},"D3-PSMD","Process Self-Modification Detection",{"name":39},{"id":143,"name":144,"tactic":145},"D3-PSA","Process Spawn Analysis",{"name":39},{"id":147,"name":148,"tactic":149},"D3-SFA","System File Analysis",{"name":39},{"id":151,"name":152,"tactic":153},"D3-FEV","File Eviction",{"name":154},"Evict",{"id":156,"name":157,"tactic":158},"D3-PT","Process Termination",{"name":154},{"id":160,"name":161,"tactic":162},"D3-PS","Process Suspension",{"name":154},{"id":164,"name":165,"tactic":166},"D3-HR","Host Reboot",{"name":154},{"id":168,"name":169,"tactic":170},"D3-HS","Host Shutdown",{"name":154},{"id":172,"name":173,"tactic":174},"D3-DF","Decoy File",{"name":175},"Deceive",{"id":177,"name":178,"tactic":179},"D3-FE","File Encryption",{"name":52},{"id":181,"name":182,"tactic":183},"D3-RF","Restore File",{"name":100},{"id":185,"name":186,"tactic":187},"D3-RC","Restore Configuration",{"name":100},{"id":189,"name":190,"tactic":191},"D3-CF","Content Filtering",{"name":192},"Isolate",{"id":194,"name":195,"tactic":196},"D3-LFP","Local File Permissions",{"name":192},{"id":198,"name":199,"tactic":200},"D3-RFAM","Remote File Access Mediation",{"name":192},{"id":202,"name":203,"tactic":204},"D3-CQ","Content Quarantine",{"name":192},{"id":206,"name":207,"tactic":208},"D3-CM","Content Modification",{"name":192},{"id":210,"name":211,"tactic":212},"D3-KBPI","Kernel-based Process Isolation",{"name":192},{"id":214,"name":215,"tactic":216},"D3-SCF","System Call Filtering",{"name":192},{"id":218,"name":219,"tactic":220},"D3-HBPI","Hardware-based Process Isolation",{"name":192},{"id":222,"name":223,"tactic":224},"D3-ABPI","Application-based Process Isolation",{"name":192},{"id":226,"name":227,"tactic":228},"D3-WSAM","Web Session Access Mediation",{"name":192},{"_key":230,"id":230,"name":231,"description":232,"type":15,"status":233,"abstraction":17,"likelihood_of_exploit":18,"capec":234},"CWE-287","Improper Authentication","When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.","Draft",[235,350,429,433,437,441,458,629,689,771],{"id":236,"name":237,"techniques":238},"CAPEC-114","Authentication Abuse",[239],{"id":240,"name":241,"tactics":242,"countermeasures":247},"T1548","Abuse Elevation Control Mechanism",[243,244],{"id":29,"name":30},{"id":245,"name":246},"TA0111","Privilege Escalation",[248,250,252,256,258,262,266,268,270,272,276,280,284,286,288,292,294,296,300,304,308,310,312,316,320,324,326,328,330,332,334,336,340,344,348],{"id":115,"name":116,"tactic":249},{"name":75},{"id":123,"name":124,"tactic":251},{"name":75},{"id":253,"name":254,"tactic":255},"D3-DI","Data Inventory",{"name":75},{"id":119,"name":120,"tactic":257},{"name":75},{"id":259,"name":260,"tactic":261},"D3-AEM","Application Exception Monitoring",{"name":39},{"id":263,"name":264,"tactic":265},"D3-SCA","System Call Analysis",{"name":39},{"id":147,"name":148,"tactic":267},{"name":39},{"id":127,"name":128,"tactic":269},{"name":39},{"id":131,"name":132,"tactic":271},{"name":39},{"id":273,"name":274,"tactic":275},"D3-OPM","Operational Process Monitoring",{"name":39},{"id":277,"name":278,"tactic":279},"D3-DA","Dynamic Analysis",{"name":39},{"id":281,"name":282,"tactic":283},"D3-EFA","Emulated File Analysis",{"name":39},{"id":143,"name":144,"tactic":285},{"name":39},{"id":151,"name":152,"tactic":287},{"name":154},{"id":289,"name":290,"tactic":291},"D3-AL","Account Locking",{"name":154},{"id":172,"name":173,"tactic":293},{"name":175},{"id":177,"name":178,"tactic":295},{"name":52},{"id":297,"name":298,"tactic":299},"D3-AA","Agent Authentication",{"name":52},{"id":301,"name":302,"tactic":303},"D3-CDP","Change Default Password",{"name":52},{"id":305,"name":306,"tactic":307},"D3-SCP","System Configuration Permissions",{"name":52},{"id":185,"name":186,"tactic":309},{"name":100},{"id":181,"name":182,"tactic":311},{"name":100},{"id":313,"name":314,"tactic":315},"D3-ULA","Unlock Account",{"name":100},{"id":317,"name":318,"tactic":319},"D3-RUAA","Restore User Account Access",{"name":100},{"id":321,"name":322,"tactic":323},"D3-RD","Restore Database",{"name":100},{"id":214,"name":215,"tactic":325},{"name":192},{"id":189,"name":190,"tactic":327},{"name":192},{"id":194,"name":195,"tactic":329},{"name":192},{"id":198,"name":199,"tactic":331},{"name":192},{"id":202,"name":203,"tactic":333},{"name":192},{"id":206,"name":207,"tactic":335},{"name":192},{"id":337,"name":338,"tactic":339},"D3-UAP","User Account Permissions",{"name":192},{"id":341,"name":342,"tactic":343},"D3-EAL","Executable Allowlisting",{"name":192},{"id":345,"name":346,"tactic":347},"D3-EDL","Executable Denylisting",{"name":192},{"id":218,"name":219,"tactic":349},{"name":192},{"id":351,"name":352,"techniques":353},"CAPEC-115","Authentication Bypass",[354],{"id":240,"name":241,"tactics":355,"countermeasures":358},[356,357],{"id":29,"name":30},{"id":245,"name":246},[359,361,363,365,367,369,371,373,375,377,379,381,383,385,387,389,391,393,395,397,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427],{"id":115,"name":116,"tactic":360},{"name":75},{"id":123,"name":124,"tactic":362},{"name":75},{"id":253,"name":254,"tactic":364},{"name":75},{"id":119,"name":120,"tactic":366},{"name":75},{"id":259,"name":260,"tactic":368},{"name":39},{"id":263,"name":264,"tactic":370},{"name":39},{"id":147,"name":148,"tactic":372},{"name":39},{"id":127,"name":128,"tactic":374},{"name":39},{"id":131,"name":132,"tactic":376},{"name":39},{"id":273,"name":274,"tactic":378},{"name":39},{"id":277,"name":278,"tactic":380},{"name":39},{"id":281,"name":282,"tactic":382},{"name":39},{"id":143,"name":144,"tactic":384},{"name":39},{"id":151,"name":152,"tactic":386},{"name":154},{"id":289,"name":290,"tactic":388},{"name":154},{"id":172,"name":173,"tactic":390},{"name":175},{"id":177,"name":178,"tactic":392},{"name":52},{"id":297,"name":298,"tactic":394},{"name":52},{"id":301,"name":302,"tactic":396},{"name":52},{"id":305,"name":306,"tactic":398},{"name":52},{"id":185,"name":186,"tactic":400},{"name":100},{"id":181,"name":182,"tactic":402},{"name":100},{"id":313,"name":314,"tactic":404},{"name":100},{"id":317,"name":318,"tactic":406},{"name":100},{"id":321,"name":322,"tactic":408},{"name":100},{"id":214,"name":215,"tactic":410},{"name":192},{"id":189,"name":190,"tactic":412},{"name":192},{"id":194,"name":195,"tactic":414},{"name":192},{"id":198,"name":199,"tactic":416},{"name":192},{"id":202,"name":203,"tactic":418},{"name":192},{"id":206,"name":207,"tactic":420},{"name":192},{"id":337,"name":338,"tactic":422},{"name":192},{"id":341,"name":342,"tactic":424},{"name":192},{"id":345,"name":346,"tactic":426},{"name":192},{"id":218,"name":219,"tactic":428},{"name":192},{"id":430,"name":431,"techniques":432},"CAPEC-151","Identity Spoofing",[],{"id":434,"name":435,"techniques":436},"CAPEC-194","Fake the Source of Data",[],{"id":438,"name":439,"techniques":440},"CAPEC-22","Exploiting Trust in Client",[],{"id":442,"name":443,"techniques":444},"CAPEC-57","Utilizing REST's Trust in the System Resource to Obtain Sensitive Data",[445],{"id":446,"name":447,"tactics":448,"countermeasures":453},"T1040","Network Sniffing",[449,450],{"id":111,"name":112},{"id":451,"name":452},"TA0102","Discovery",[454],{"id":455,"name":456,"tactic":457},"D3-DNSTA","DNS Traffic Analysis",{"name":39},{"id":459,"name":460,"techniques":461},"CAPEC-593","Session Hijacking",[462,506,601],{"id":463,"name":464,"tactics":465,"countermeasures":469},"T1185","Browser Session Hijacking",[466],{"id":467,"name":468},"TA0100","Collection",[470,474,478,482,486,490,494,498,502],{"id":471,"name":472,"tactic":473},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":39},{"id":475,"name":476,"tactic":477},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":39},{"id":479,"name":480,"tactic":481},"D3-CSPP","Client-server Payload Profiling",{"name":39},{"id":483,"name":484,"tactic":485},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":39},{"id":487,"name":488,"tactic":489},"D3-NTSA","Network Traffic Signature Analysis",{"name":39},{"id":491,"name":492,"tactic":493},"D3-APCA","Application Protocol Command Analysis",{"name":39},{"id":495,"name":496,"tactic":497},"D3-NTCD","Network Traffic Community Deviation",{"name":39},{"id":499,"name":500,"tactic":501},"D3-RTSD","Remote Terminal Session Detection",{"name":39},{"id":503,"name":504,"tactic":505},"D3-NTF","Network Traffic Filtering",{"name":192},{"id":507,"name":508,"tactics":509,"countermeasures":514},"T1550.001","Application Access Token",[510,511],{"id":29,"name":30},{"id":512,"name":513},"TA0109","Lateral Movement",[515,517,519,521,525,527,529,531,533,535,537,539,541,543,545,547,549,553,557,561,565,569,573,577,581,585,587,589,591,593,595,599],{"id":135,"name":136,"tactic":516},{"name":39},{"id":139,"name":140,"tactic":518},{"name":39},{"id":143,"name":144,"tactic":520},{"name":39},{"id":522,"name":523,"tactic":524},"D3-CCSA","Credential Compromise Scope Analysis",{"name":39},{"id":471,"name":472,"tactic":526},{"name":39},{"id":475,"name":476,"tactic":528},{"name":39},{"id":479,"name":480,"tactic":530},{"name":39},{"id":483,"name":484,"tactic":532},{"name":39},{"id":487,"name":488,"tactic":534},{"name":39},{"id":491,"name":492,"tactic":536},{"name":39},{"id":495,"name":496,"tactic":538},{"name":39},{"id":499,"name":500,"tactic":540},{"name":39},{"id":156,"name":157,"tactic":542},{"name":154},{"id":160,"name":161,"tactic":544},{"name":154},{"id":164,"name":165,"tactic":546},{"name":154},{"id":168,"name":169,"tactic":548},{"name":154},{"id":550,"name":551,"tactic":552},"D3-CR","Credential Revocation",{"name":154},{"id":554,"name":555,"tactic":556},"D3-ANCI","Authentication Cache Invalidation",{"name":154},{"id":558,"name":559,"tactic":560},"D3-DUC","Decoy User Credential",{"name":175},{"id":562,"name":563,"tactic":564},"D3-CH","Credential Hardening",{"name":52},{"id":566,"name":567,"tactic":568},"D3-MFA","Multi-factor Authentication",{"name":52},{"id":570,"name":571,"tactic":572},"D3-CRO","Credential Rotation",{"name":52},{"id":574,"name":575,"tactic":576},"D3-TB","Token Binding",{"name":52},{"id":578,"name":579,"tactic":580},"D3-TBA","Token-based Authentication",{"name":52},{"id":582,"name":583,"tactic":584},"D3-RIC","Reissue Credential",{"name":100},{"id":210,"name":211,"tactic":586},{"name":192},{"id":214,"name":215,"tactic":588},{"name":192},{"id":218,"name":219,"tactic":590},{"name":192},{"id":222,"name":223,"tactic":592},{"name":192},{"id":226,"name":227,"tactic":594},{"name":192},{"id":596,"name":597,"tactic":598},"D3-CTS","Credential Transmission Scoping",{"name":192},{"id":503,"name":504,"tactic":600},{"name":192},{"id":602,"name":603,"tactics":604,"countermeasures":606},"T1563","Remote Service Session Hijacking",[605],{"id":512,"name":513},[607,609,611,613,615,617,619,621,623,627],{"id":471,"name":472,"tactic":608},{"name":39},{"id":475,"name":476,"tactic":610},{"name":39},{"id":479,"name":480,"tactic":612},{"name":39},{"id":483,"name":484,"tactic":614},{"name":39},{"id":487,"name":488,"tactic":616},{"name":39},{"id":491,"name":492,"tactic":618},{"name":39},{"id":495,"name":496,"tactic":620},{"name":39},{"id":499,"name":500,"tactic":622},{"name":39},{"id":624,"name":625,"tactic":626},"D3-ST","Session Termination",{"name":154},{"id":503,"name":504,"tactic":628},{"name":192},{"id":630,"name":631,"techniques":632},"CAPEC-633","Token Impersonation",[633],{"id":634,"name":635,"tactics":636,"countermeasures":640},"T1134","Access Token Manipulation",[637,638,639],{"id":29,"name":30},{"id":32,"name":33},{"id":245,"name":246},[641,643,645,647,649,651,653,655,657,659,661,663,665,667,669,671,673,675,677,679,681,683,685,687],{"id":115,"name":116,"tactic":642},{"name":75},{"id":119,"name":120,"tactic":644},{"name":75},{"id":123,"name":124,"tactic":646},{"name":75},{"id":259,"name":260,"tactic":648},{"name":39},{"id":263,"name":264,"tactic":650},{"name":39},{"id":522,"name":523,"tactic":652},{"name":39},{"id":273,"name":274,"tactic":654},{"name":39},{"id":143,"name":144,"tactic":656},{"name":39},{"id":624,"name":625,"tactic":658},{"name":154},{"id":550,"name":551,"tactic":660},{"name":154},{"id":554,"name":555,"tactic":662},{"name":154},{"id":558,"name":559,"tactic":664},{"name":175},{"id":562,"name":563,"tactic":666},{"name":52},{"id":566,"name":567,"tactic":668},{"name":52},{"id":570,"name":571,"tactic":670},{"name":52},{"id":574,"name":575,"tactic":672},{"name":52},{"id":578,"name":579,"tactic":674},{"name":52},{"id":185,"name":186,"tactic":676},{"name":100},{"id":582,"name":583,"tactic":678},{"name":100},{"id":214,"name":215,"tactic":680},{"name":192},{"id":596,"name":597,"tactic":682},{"name":192},{"id":341,"name":342,"tactic":684},{"name":192},{"id":345,"name":346,"tactic":686},{"name":192},{"id":218,"name":219,"tactic":688},{"name":192},{"id":690,"name":691,"techniques":692},"CAPEC-650","Upload a Web Shell to a Web Server",[693],{"id":694,"name":695,"tactics":696,"countermeasures":698},"T1505.003","Web Shell",[697],{"id":68,"name":69},[699,703,707,711,715,717,719,721,723,725,727,729,731,733,735,737,739,741,743,747,749,751,753,755,757,759,761,763,765,767,769],{"id":700,"name":701,"tactic":702},"D3-NNI","Network Node Inventory",{"name":75},{"id":704,"name":705,"tactic":706},"D3-PLM","Physical Link Mapping",{"name":75},{"id":708,"name":709,"tactic":710},"D3-LLM","Logical Link Mapping",{"name":75},{"id":712,"name":713,"tactic":714},"D3-EHB","Endpoint Health Beacon",{"name":39},{"id":127,"name":128,"tactic":716},{"name":39},{"id":131,"name":132,"tactic":718},{"name":39},{"id":277,"name":278,"tactic":720},{"name":39},{"id":281,"name":282,"tactic":722},{"name":39},{"id":135,"name":136,"tactic":724},{"name":39},{"id":139,"name":140,"tactic":726},{"name":39},{"id":143,"name":144,"tactic":728},{"name":39},{"id":151,"name":152,"tactic":730},{"name":154},{"id":156,"name":157,"tactic":732},{"name":154},{"id":160,"name":161,"tactic":734},{"name":154},{"id":164,"name":165,"tactic":736},{"name":154},{"id":168,"name":169,"tactic":738},{"name":154},{"id":172,"name":173,"tactic":740},{"name":175},{"id":177,"name":178,"tactic":742},{"name":52},{"id":744,"name":745,"tactic":746},"D3-RNA","Restore Network Access",{"name":100},{"id":181,"name":182,"tactic":748},{"name":100},{"id":189,"name":190,"tactic":750},{"name":192},{"id":194,"name":195,"tactic":752},{"name":192},{"id":198,"name":199,"tactic":754},{"name":192},{"id":202,"name":203,"tactic":756},{"name":192},{"id":206,"name":207,"tactic":758},{"name":192},{"id":341,"name":342,"tactic":760},{"name":192},{"id":345,"name":346,"tactic":762},{"name":192},{"id":210,"name":211,"tactic":764},{"name":192},{"id":214,"name":215,"tactic":766},{"name":192},{"id":218,"name":219,"tactic":768},{"name":192},{"id":222,"name":223,"tactic":770},{"name":192},{"id":772,"name":773,"techniques":774},"CAPEC-94","Adversary in the Middle (AiTM)",[775],{"id":776,"name":777,"tactics":778,"countermeasures":781},"T1557","Adversary-in-the-Middle",[779,780],{"id":111,"name":112},{"id":467,"name":468},[782,784,786,788,790,792,794,796,798,802],{"id":471,"name":472,"tactic":783},{"name":39},{"id":475,"name":476,"tactic":785},{"name":39},{"id":479,"name":480,"tactic":787},{"name":39},{"id":483,"name":484,"tactic":789},{"name":39},{"id":487,"name":488,"tactic":791},{"name":39},{"id":491,"name":492,"tactic":793},{"name":39},{"id":495,"name":496,"tactic":795},{"name":39},{"id":499,"name":500,"tactic":797},{"name":39},{"id":799,"name":800,"tactic":801},"D3-CAA","Connection Attempt Analysis",{"name":39},{"id":503,"name":504,"tactic":803},{"name":192},[805],{"_key":806,"name":807,"source":808,"url":809,"maturity":810,"reliability_score":811,"verified":812,"type":9,"platforms":813,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_GRAFANA_GRAFANA","Grafana","github","https://github.com/grafana/grafana/issues/13667","poc",0.3,false,[],[815,816],"GHSA-69j6-29vr-p3j9","BIT-grafana-2021-39226",[],[819,821,823,825,827,829,831,833,835,837,839,841,843,845,847],{"_key":820},"RHSA-2021:3769",{"_key":822},"RHSA-2021:3770",{"_key":824},"RHSA-2021:3771",{"_key":826},"UBUNTU-CVE-2021-39226",{"_key":828},"SUSE-SU-2022:0138-1",{"_key":830},"SUSE-SU-2022:0139-1",{"_key":832},"SUSE-SU-2022:2134-1",{"_key":834},"SUSE-SU-2022:3338-1",{"_key":836},"SUSE-SU-2022:3339-1",{"_key":838},"SUSE-SU-2022:3425-1",{"_key":840},"SUSE-SU-2024:0191-1",{"_key":842},"SUSE-FU-2022:1419-1",{"_key":844},"SUSE-SU-2022:1396-1",{"_key":846},"OPENSUSE-SU-2022:0140-1",{"_key":848},"OPENSUSE-SU-2024:11651-1",[],[851,852,853,854,855,856,857,858,859,860,861],{"_key":828},{"_key":830},{"_key":832},{"_key":834},{"_key":836},{"_key":838},{"_key":840},{"_key":842},{"_key":844},{"_key":846},{"_key":848},"2021-10-05T17:30:11.000Z","2025-10-21T23:25:30.669Z","Analyzed",{"cisa_kev":866,"cisa_ransomware":812,"cisa_vendor":867,"epss_severity":868,"epss_score":869,"severity":868,"severity_score":870,"severity_version":871,"severity_source":872,"severity_vector":873,"severity_status":864},true,"Grafana Labs","critical",0.9435,9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[875,886,892,897,901,908,914,918,922,928,933,938,942,946,950,954,958,962],{"url":876,"sources":877,"tags":880},"https://github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9",[872,878,879],"nvd","osv_go",[881,882,883,884,885],"X Refsource CONFIRM","Exploit","Mitigation","Vendor Advisory","WEB",{"url":887,"sources":888,"tags":889},"https://github.com/grafana/grafana/commit/2d456a6375855364d098ede379438bf7f0667269",[872,878,879],[890,891,885],"X Refsource MISC","Patch",{"url":893,"sources":894,"tags":895},"https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-11/",[872,878],[890,896],"Release Notes",{"url":898,"sources":899,"tags":900},"https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6/",[872,878],[890,896],{"url":902,"sources":903,"tags":904},"http://www.openwall.com/lists/oss-security/2021/10/05/4",[872,878,879],[905,906,907,885],"Mailing List","X Refsource MLIST","Third Party Advisory",{"url":909,"sources":910,"tags":911},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6ANHRDBXQT6TURLP2THM26ZPDINFBEG/",[872,878],[884,912,913],"X Refsource FEDORA","Broken Link",{"url":915,"sources":916,"tags":917},"https://security.netapp.com/advisory/ntap-20211029-0008/",[872,878],[881,907],{"url":919,"sources":920,"tags":921},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT/",[872,878],[884,912,913],{"url":923,"sources":924,"tags":925},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-39226",[872,878,879],[926,927,885],"Government Resource","US Government Resource",{"url":929,"sources":930,"tags":931},"https://nvd.nist.gov/vuln/detail/CVE-2021-39226",[879],[932],"Advisory",{"url":934,"sources":935,"tags":936},"https://github.com/grafana/grafana",[879],[937],"PACKAGE",{"url":939,"sources":940,"tags":941},"https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-11",[879],[885],{"url":943,"sources":944,"tags":945},"https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6",[879],[885],{"url":947,"sources":948,"tags":949},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT",[879],[885],{"url":951,"sources":952,"tags":953},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6ANHRDBXQT6TURLP2THM26ZPDINFBEG",[879],[885],{"url":955,"sources":956,"tags":957},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT",[879],[885],{"url":959,"sources":960,"tags":961},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6ANHRDBXQT6TURLP2THM26ZPDINFBEG",[879],[885],{"url":963,"sources":964,"tags":965},"https://security.netapp.com/advisory/ntap-20211029-0008",[879],[885],[967],{"source":968,"vendor":867,"product":807,"date_added":969,"vulnerability_name":970,"short_description":971,"required_action":972,"due_date":973,"known_ransomware_campaign_use":974,"notes":975,"exploitation_type":9},"cisa","2022-08-25","Grafana Authentication Bypass Vulnerability","Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.","Apply updates per vendor instructions.","2022-09-15","Unknown","https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/; https://nvd.nist.gov/vuln/detail/CVE-2021-39226",{"date":977,"score":869,"percentile":978},"2026-06-04",0.9996,[980,983,985,987,989,991,993,995,997,999,1002,1005,1007,1009,1011,1015,1017,1019,1021,1023,1025,1027,1029,1031,1033,1035,1037,1039,1043,1045,1047,1049,1051,1054,1056,1058,1060,1062,1064,1066,1068,1070,1072,1074,1077,1079,1081,1083,1086,1088,1090,1092,1094,1096,1099,1101,1103,1105,1107,1109,1111,1113,1115,1117,1119,1121,1123,1125,1127,1129,1131,1133,1135,1137,1139,1141,1143,1145,1147,1149,1151,1153,1155,1157,1159,1161,1163,1165,1167,1169],{"date":981,"score":869,"percentile":982},"2025-11-04",0.99952,{"date":984,"score":869,"percentile":982},"2025-11-05",{"date":986,"score":869,"percentile":982},"2025-11-06",{"date":988,"score":869,"percentile":982},"2025-11-07",{"date":990,"score":869,"percentile":982},"2025-11-08",{"date":992,"score":869,"percentile":982},"2025-11-09",{"date":994,"score":869,"percentile":982},"2025-11-10",{"date":996,"score":869,"percentile":982},"2025-11-11",{"date":998,"score":869,"percentile":982},"2025-11-12",{"date":1000,"score":869,"percentile":1001},"2025-11-13",0.9995,{"date":1003,"score":869,"percentile":1004},"2025-11-14",0.99951,{"date":1006,"score":869,"percentile":982},"2025-11-15",{"date":1008,"score":869,"percentile":982},"2025-11-16",{"date":1010,"score":869,"percentile":982},"2025-11-17",{"date":1012,"score":1013,"percentile":1014},"2025-11-18",0.9368,0.99894,{"date":1016,"score":1013,"percentile":1014},"2025-11-19",{"date":1018,"score":1013,"percentile":1014},"2025-11-20",{"date":1020,"score":869,"percentile":1004},"2025-11-21",{"date":1022,"score":869,"percentile":1004},"2025-11-22",{"date":1024,"score":869,"percentile":1004},"2025-11-23",{"date":1026,"score":869,"percentile":982},"2025-11-24",{"date":1028,"score":869,"percentile":982},"2025-11-25",{"date":1030,"score":869,"percentile":982},"2025-11-26",{"date":1032,"score":869,"percentile":982},"2025-11-27",{"date":1034,"score":869,"percentile":982},"2025-11-28",{"date":1036,"score":869,"percentile":982},"2025-11-29",{"date":1038,"score":869,"percentile":982},"2025-11-30",{"date":1040,"score":1041,"percentile":1042},"2025-12-01",0.94326,0.99947,{"date":1044,"score":1041,"percentile":1042},"2025-12-02",{"date":1046,"score":1041,"percentile":1042},"2025-12-03",{"date":1048,"score":869,"percentile":982},"2025-12-04",{"date":1050,"score":869,"percentile":982},"2025-12-05",{"date":1052,"score":869,"percentile":1053},"2025-12-06",0.99953,{"date":1055,"score":869,"percentile":1053},"2025-12-07",{"date":1057,"score":869,"percentile":1053},"2025-12-08",{"date":1059,"score":869,"percentile":1053},"2025-12-09",{"date":1061,"score":869,"percentile":1053},"2025-12-10",{"date":1063,"score":869,"percentile":1053},"2025-12-11",{"date":1065,"score":869,"percentile":1053},"2025-12-12",{"date":1067,"score":869,"percentile":1053},"2025-12-13",{"date":1069,"score":869,"percentile":1053},"2025-12-14",{"date":1071,"score":869,"percentile":1053},"2025-12-15",{"date":1073,"score":869,"percentile":1053},"2025-12-16",{"date":1075,"score":869,"percentile":1076},"2025-12-17",0.99954,{"date":1078,"score":869,"percentile":982},"2025-12-18",{"date":1080,"score":869,"percentile":1076},"2025-12-19",{"date":1082,"score":869,"percentile":1076},"2025-12-20",{"date":1084,"score":869,"percentile":1085},"2025-12-21",0.99955,{"date":1087,"score":869,"percentile":1085},"2025-12-22",{"date":1089,"score":869,"percentile":1076},"2025-12-23",{"date":1091,"score":869,"percentile":1076},"2025-12-24",{"date":1093,"score":869,"percentile":1076},"2025-12-25",{"date":1095,"score":869,"percentile":1076},"2025-12-26",{"date":1097,"score":1098,"percentile":982},"2025-12-27",0.94344,{"date":1100,"score":869,"percentile":1076},"2025-12-28",{"date":1102,"score":869,"percentile":1076},"2025-12-29",{"date":1104,"score":869,"percentile":1076},"2025-12-30",{"date":1106,"score":869,"percentile":1076},"2025-12-31",{"date":1108,"score":1041,"percentile":1001},"2026-01-01",{"date":1110,"score":1041,"percentile":1001},"2026-01-02",{"date":1112,"score":1041,"percentile":1001},"2026-01-03",{"date":1114,"score":869,"percentile":1076},"2026-01-04",{"date":1116,"score":869,"percentile":1076},"2026-01-05",{"date":1118,"score":869,"percentile":1076},"2026-01-06",{"date":1120,"score":869,"percentile":1085},"2026-01-07",{"date":1122,"score":869,"percentile":1085},"2026-01-08",{"date":1124,"score":869,"percentile":1085},"2026-01-09",{"date":1126,"score":869,"percentile":1085},"2026-01-10",{"date":1128,"score":869,"percentile":1085},"2026-01-11",{"date":1130,"score":869,"percentile":1085},"2026-01-12",{"date":1132,"score":869,"percentile":1085},"2026-01-13",{"date":1134,"score":869,"percentile":1085},"2026-01-14",{"date":1136,"score":869,"percentile":1085},"2026-01-15",{"date":1138,"score":869,"percentile":1085},"2026-01-16",{"date":1140,"score":869,"percentile":1085},"2026-01-17",{"date":1142,"score":869,"percentile":1085},"2026-01-18",{"date":1144,"score":869,"percentile":1085},"2026-01-19",{"date":1146,"score":869,"percentile":1085},"2026-01-20",{"date":1148,"score":869,"percentile":1085},"2026-01-21",{"date":1150,"score":869,"percentile":1085},"2026-01-22",{"date":1152,"score":869,"percentile":1085},"2026-01-23",{"date":1154,"score":869,"percentile":1085},"2026-01-24",{"date":1156,"score":869,"percentile":1085},"2026-01-25",{"date":1158,"score":869,"percentile":1085},"2026-01-26",{"date":1160,"score":869,"percentile":1085},"2026-01-27",{"date":1162,"score":869,"percentile":1085},"2026-01-28",{"date":1164,"score":869,"percentile":1085},"2026-01-29",{"date":1166,"score":869,"percentile":1085},"2026-01-30",{"date":1168,"score":869,"percentile":1085},"2026-01-31",{"date":1170,"score":1041,"percentile":1001},"2026-02-01",[1172,1176,1187],{"source":872,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":1173,"cvss_v4_0":9},{"baseScore":870,"baseSeverity":1174,"vectorString":873,"impactScore":870,"exploitabilityScore":1175},"CRITICAL",10,{"source":878,"cvss_v2_0":1177,"cvss_v3_0":9,"cvss_v3_1":1182,"cvss_v4_0":9},{"baseScore":1178,"baseSeverity":9,"vectorString":1179,"impactScore":1180,"exploitabilityScore":1181},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":1183,"baseSeverity":1184,"vectorString":1185,"impactScore":1186,"exploitabilityScore":1175},7.3,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",5.7,{"source":879,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":1188,"cvss_v4_0":9},{"baseScore":1183,"baseSeverity":9,"vectorString":1189,"impactScore":1186,"exploitabilityScore":1175},"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:H",[1191,1201,1218],{"ecosystem":9,"name":1192,"vendor":1193,"product":1192,"cpe_part":1194,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1195},"fedora","fedoraproject","o",[1196,1199],{"version":1197,"is_range":812,"range_type":1198,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"34","cpe",{"version":1200,"is_range":812,"range_type":1198,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35",{"ecosystem":1202,"name":1203,"vendor":1204,"product":1205,"cpe_part":9,"purl_type":1206,"purl_namespace":1204,"purl_name":1205,"source":9,"versions":1207},"Go","github.com/grafana/grafana","github.com/grafana","grafana","golang",[1208,1213],{"version":1209,"is_range":866,"range_type":1210,"version_start":9,"version_start_type":9,"version_end":1211,"version_end_type":1212,"fixed_in":9},"lt7_5_11","semver","7.5.11","excluding",{"version":1214,"is_range":866,"range_type":1210,"version_start":1215,"version_start_type":1216,"version_end":1217,"version_end_type":1212,"fixed_in":9},"gte8_0_0_lt8_1_6","8.0.0","including","8.1.6",{"ecosystem":9,"name":1205,"vendor":1205,"product":1205,"cpe_part":1219,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1220},"a",[1221,1223],{"version":1222,"is_range":866,"range_type":1198,"version_start":1215,"version_start_type":1216,"version_end":1217,"version_end_type":1212,"fixed_in":9},">= 8.0.0, \u003C 8.1.6",{"version":1224,"is_range":866,"range_type":1198,"version_start":9,"version_start_type":9,"version_end":1211,"version_end_type":1212,"fixed_in":9},"\u003C 7.5.11"]