Grafana fixes zero-day vulnerability after exploits spread over Twitter
2021-12-07 22:46

Open-source analytics and interactive visualization solution Grafana received an emergency update today to fix a high-severity, zero-day vulnerability that enabled remote access to local files.

Earlier today, Grafana 8.3.1, 8.2.7, 8.1.8, and 8.0.7 were released to fix a path traversal vulnerability that could allow an attacker to navigate outside the Grafana folder and remotely access restricted locations on the server, such as /etc/passwd.

Grafana Labs published a blog post today explaining that the problem was with the URL for installed plug-ins, which was vulnerable to path traversal attacks.
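The bug class described above, shown as an added example that is not Grafana's code or its actual fix: a file handler that joins a request path onto a plug-in directory without a containment check, beside a hardened resolver that rejects anything landing outside it. The directory layout, function names and request strings are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal reports a request that resolves outside the plug-in directory.
var ErrTraversal = errors.New("requested path escapes plugin directory")

// naiveResolve (hypothetical) shows the weak pattern: filepath.Join collapses
// ".." segments, so the result can sit anywhere on the filesystem.
func naiveResolve(baseDir, requested string) string {
	return filepath.Join(baseDir, requested)
}

// safeResolve (hypothetical) joins, then verifies the result is still under
// baseDir by computing the relative path back from the base.
// Assumes the HTTP layer has already percent-decoded the request path.
// It does not follow symlinks; a deployment that allows symlinks inside
// plug-in directories would also need filepath.EvalSymlinks before the check.
func safeResolve(baseDir, requested string) (string, error) {
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, requested)
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return full, nil
}

func main() {
	base := "/srv/app/plugins/demo" // constructed layout
	// Constructed request paths: two benign, two that climb out of base.
	for _, req := range []string{
		"img/logo.svg", "img/../module.js", "..", "../../../../etc/passwd",
	} {
		p, err := safeResolve(base, req)
		fmt.Printf("%-26q naive=%-36s safe=%q err=%v\n",
			req, naiveResolve(base, req), p, err)
	}
}
```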

Grafana Labs received a report about the vulnerability at the end of last week, on December 3, and came up with a fix on the same day.

Grafana Cloud instances have not been impacted, the developer said today.

According to public reports, there are thousands of Grafana servers exposed on the public internet.


News URL

https://www.bleepingcomputer.com/news/security/grafana-fixes-zero-day-vulnerability-after-exploits-spread-over-twitter/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Grafana 11 4 41 30 6 81
Twitter 5 0 6 2 0 8