https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27358

This one does not specify enterprise.

Summary
Grafana is prone to a denial of service (DoS) vulnerability.

Detection Result
Installed version: 6.7.4
Fixed version: 7.4.2
Installation path / port: /

Insight
The snapshot feature in Grafana can allow an unauthenticated remote attacker to trigger a DoS via a remote API call if a commonly used configuration is set.

Detection Method
Checks if a vulnerable version is present on the target host.
Details: Grafana < 7.4.2 DoS Vulnerability OID: 1.3.6.1.4.1.25623.1.0.145598 (https://gsa.la1.clx.corp/nvt/1.3.6.1.4.1.25623.1.0.145598)
Version used: 2021-08-17T14:01:00Z

Affected Software/OS
Grafana versions through 7.4.1.

Solution
Solution Type: Vendorfix
Update to version 7.4.2 or later.

References

CVE
CVE-2021-27358 (https://gsa.la1.clx.corp/cve/CVE-2021-27358)

CERT
DFN-CERT-2021-2376 (https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-2376)
DFN-CERT-2021-1739 (https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1739)
DFN-CERT-2021-1670 (https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1670)
DFN-CERT-2021-1622 (https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1622)
DFN-CERT-2021-1282 (https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1282)
DFN-CERT-2021-1281 (https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1281)
CB-K21/0294 (https://gsa.la1.clx.corp/certbund/CB-K21%2F0294)

Other
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/

> On Tuesday, Jan 11, 2022 at 9:46 AM, Ernesto Puerta <epuertat@xxxxxxxxxx> wrote:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28148 states that this only happens to the Enterprise edition of Grafana, while the default version deployed by Cephadm is the community one.
>
> Kind Regards,
> Ernesto
>
> On Tue, Jan 4, 2022 at 4:14 AM Jeremy Hansen <jeremy@xxxxxxxxxx> wrote:
> > I’m running 16.2.7 Pacific with Cephadm. Is there a way to upgrade an individual component without breaking orchestration? I’m just trying to clean up security issues and my scanner found problems with the version of Grafana Ceph deploys:
> >
> > CVE
> > CVE-2021-28148 (https://gsa.la1.clx.corp/cve/CVE-2021-28148)
> >
> > CERT
> > DFN-CERT-2021-1741 (https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1741)
> > DFN-CERT-2021-1739 (https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1739)
> > CB-K21/0293 (https://gsa.la1.clx.corp/certbund/CB-K21%2F0293)
> >
> > Summary
> > Grafana is prone to a denial of service (DoS) vulnerability.
> >
> > Detection Result
> > Installed version: 6.7.4
> > Fixed version: 6.7.6
> > Installation path / port: /
> >
> > Thanks
> > -jeremy
> >
> > _______________________________________________
> > ceph-users mailing list -- ceph-users@xxxxxxx
> > To unsubscribe send an email to ceph-users-leave@xxxxxxx