Release Date: 2025/9/15
Rule Name: CVE-2021-39226: Grafana Snapshot Authentication Bypass Vulnerability
Severity: high
CVE ID: CVE-2021-39226
Description:
Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface and is used to monitor and analyze Graphite, InfluxDB, and Prometheus. Grafana contains an authorization vulnerability: in the affected versions, both unauthenticated and authenticated users can view the snapshot with the lowest database key by accessing the path /dashboard/snapshot/:key or /api/snapshot/:key. If the snapshot public mode configuration is set to true (the default is false), an unauthenticated user can delete that snapshot by accessing the path /api/snapshot-delete/:deleteKey with the lowest database key. An authenticated user can delete the snapshot regardless of the public mode setting. This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None
Solution:
Apply the vendor's patch.
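As an added detection example (not part of this rule page or of Grafana's own code), the following Python flags the access pattern described above in Grafana's request log. The log lines are constructed, modelled on Grafana's logfmt "Request Completed" entries; the path regexes also accept the plural spelling of the API routes, which is an assumption beyond the paths listed above.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on Grafana's logfmt "Request Completed" lines (router logging).
# An anonymous request appears with userId=0 and an empty uname.
SAMPLE_LOG = """\
logger=context userId=0 orgId=1 uname= t=2025-09-15T10:00:01+0000 lvl=info msg="Request Completed" method=GET path=/dashboard/snapshot/a1b2c3 status=200 remote_addr=203.0.113.7
logger=context userId=0 orgId=1 uname= t=2025-09-15T10:00:02+0000 lvl=info msg="Request Completed" method=GET path=/api/snapshot/a1b2c3 status=200 remote_addr=203.0.113.7
logger=context userId=0 orgId=1 uname= t=2025-09-15T10:00:03+0000 lvl=info msg="Request Completed" method=GET path=/api/snapshot-delete/d4e5f6 status=403 remote_addr=203.0.113.7
logger=context userId=4 orgId=1 uname=analyst t=2025-09-15T10:01:00+0000 lvl=info msg="Request Completed" method=GET path=/api/snapshot-delete/d4e5f6 status=200 remote_addr=198.51.100.9
logger=context userId=4 orgId=1 uname=analyst t=2025-09-15T10:01:05+0000 lvl=info msg="Request Completed" method=GET path=/api/snapshot/d4e5f6 status=200 remote_addr=198.51.100.9
logger=context userId=0 orgId=1 uname= t=2025-09-15T10:02:00+0000 lvl=info msg="Request Completed" method=GET path=/login status=200 remote_addr=203.0.113.7
"""

# Paths from the advisory (:key / :deleteKey are path parameters); the optional "s"
# also accepts the plural spelling of the API routes (an assumption).
VIEW_RE = re.compile(r"^/(?:dashboard/snapshot|api/snapshots?)/[^/?]+$")
DELETE_RE = re.compile(r"^/api/snapshots?-delete/[^/?]+$")
# logfmt pair: key=value, value bare or double-quoted (quoted values may contain spaces).
PAIR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_logfmt(line: str) -> Dict[str, str]:
    """Turn one logfmt line into a dict, stripping quotes from quoted values."""
    fields = {}
    for key, value in PAIR_RE.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields

def find_snapshot_abuse(log_text: str) -> List[dict]:
    """Flag requests matching the CVE-2021-39226 pattern: anonymous (userId=0) hits on
    the view or delete paths, plus every delete hit, since in affected versions any
    authenticated user could delete a snapshot. 'success' is True only for 2xx."""
    findings = []
    for line in log_text.splitlines():
        f = parse_logfmt(line)
        path, anonymous = f.get("path", ""), f.get("userId") == "0"
        if DELETE_RE.match(path):
            reason = "anonymous snapshot delete" if anonymous else "snapshot delete"
        elif anonymous and VIEW_RE.match(path):
            reason = "anonymous snapshot view"
        else:
            continue
        findings.append({"reason": reason, "path": path, "user_id": f.get("userId"),
                         "remote_addr": f.get("remote_addr"), "status": f.get("status"),
                         "success": f.get("status", "").startswith("2")})
    return findings
```

Denied probes (non-2xx) are kept in the output so that scanning for the lowest key is visible even on a patched instance.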