Grafana fixes zero-day vulnerability after exploits spread over Twitter

Open-source analytics and interactive visualization solution Grafana received an emergency update today to fix a high-severity, zero-day vulnerability that enabled remote access to local files.
Earlier today, Grafana 8.3.1, 8.2.7, 8.1.8, and 8.0.7 were released to fix a path traversal vulnerability that could allow an attacker to navigate outside the Grafana folder and remotely access restricted locations on the server, such as /etc/passwd.
Grafana Labs published a blog post today explaining that the problem was with the URL for installed plug-ins, which was vulnerable to path traversal attacks.
Grafana Labs received a report about the vulnerability at the end of last week, on December 3, and came up with a fix on the same day.
Grafana Cloud instances have not been impacted, the developer said today.
According to public reports, there are thousands of Grafana servers exposed on the public internet.
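
A containment check for the kind of plug-in file handler described above, shown beside the flawed pattern it replaces. This is an added example, not Grafana's code or its actual fix; the function names, the plugin directory and the request strings are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal reports a request that resolves outside the plugin directory.
var ErrTraversal = errors.New("path escapes plugin directory")

// NaiveResolve is the flawed pattern (constructed for illustration): cleaning a
// relative path keeps its leading "../" segments, and Join then walks upward.
func NaiveResolve(pluginDir, requested string) string {
	return filepath.Join(pluginDir, filepath.Clean(requested))
}

// ResolvePluginAsset maps the user-controlled tail of a plugin URL to a file
// below pluginDir and rejects anything that lands outside it. The check is
// lexical; symlinks inside pluginDir need separate handling.
func ResolvePluginAsset(pluginDir, requested string) (string, error) {
	base, err := filepath.Abs(pluginDir)
	if err != nil {
		return "", err
	}
	full := filepath.Join(base, filepath.FromSlash(requested))
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return full, nil
}

func main() {
	dir := "/srv/app/plugins/demo" // hypothetical plugin directory
	for _, req := range []string{"img/logo.svg", "../../../../etc/passwd"} {
		p, err := ResolvePluginAsset(dir, req)
		fmt.Printf("%-26q naive=%q safe=%q err=%v\n", req, NaiveResolve(dir, req), p, err)
	}
}
```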