Grafana 8.2.4 released with security fixes

Related Vulnerabilities: CVE-2021-41244  
                							

oss-sec
mailing list archives

From: Vardan Torosyan <vardan.torosyan () grafana com>

Date: Mon, 15 Nov 2021 18:01:27 +0100

Dear all,

We have released Grafana 8.2.4 with security fixes. This patch release
includes security fixes that affect Grafana versions 8.0.0 through 8.2.3.

The vulnerability only affects Grafana instances where fine-grained access
control beta is enabled, and there is more than one organization in the
Grafana instance. Grafana Cloud instances have not been affected by the
vulnerability.

*Incorrect Access Control (CVE-2021-41244)*

On Nov. 2, during an internal security audit, we discovered that when the
fine-grained access control beta feature is enabled and there is more than
one organization in the Grafana instance, Grafana 8.0 introduced a
mechanism which allowed users with the Organization Admin role to list,
add, remove, and update users’ roles in other organizations in which they
are not an admin.

Affected versions with high severity

Grafana 8.0 to 8.2.3

*Solutions and mitigations*
All installations between v8.0 and v8.2.3 that have fine-grained access
control beta enabled and more than one organization should be upgraded as
soon as possible. If you cannot upgrade, you should turn off the
fine-grained access control using a feature flag.

*Patched versions*
Release v8.2.4, only containing a security fix:

* Download Grafana 8.2.4 - https://grafana.com/grafana/download/8.2.4
* Release notes - https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-2-4/

Further information can be found at
https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/

Best Regards,
Vardan Torosyan
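
A triage check for the three conditions the advisory names (affected version, beta enabled, more than one organization), added here as an example and not part of the original message or Grafana's own code. It assumes the beta is switched on by the `accesscontrol` entry under `[feature_toggles]` in grafana.ini or by the `GF_FEATURE_TOGGLES_ENABLE` environment variable, and that the caller supplies the organization count.

```python
import configparser
import re

# Affected range stated in the advisory: 8.0.0 through 8.2.3 (fixed in 8.2.4).
FIRST_AFFECTED = (8, 0, 0)
FIRST_FIXED = (8, 2, 4)
# Assumption: the beta is switched on by this feature toggle name.
TOGGLE = "accesscontrol"


def parse_version(text):
    """Return (major, minor, patch) from strings like '8.2.3' or 'v8.1.0-beta1'."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())


def toggle_enabled(ini_text, env=None):
    """True if the toggle is listed in grafana.ini or in the GF_ env override."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    # A dummy section absorbs keys that appear before the first [section].
    cfg.read_string("[__top__]\n" + ini_text)
    value = cfg.get("feature_toggles", "enable", fallback="")
    # Grafana lets GF_<SECTION>_<KEY> environment variables override the file.
    value = (env or {}).get("GF_FEATURE_TOGGLES_ENABLE", value)
    return TOGGLE in re.split(r"[,\s]+", value.strip())


def exposed(version, ini_text, org_count, env=None):
    """All three advisory conditions must hold for the instance to be exposed."""
    in_range = FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED
    return in_range and toggle_enabled(ini_text, env) and org_count > 1


# Constructed sample configuration, not taken from a real deployment.
SAMPLE_INI = """
[server]
http_port = 3000

[feature_toggles]
enable = ngalert accesscontrol
"""

if __name__ == "__main__":
    for ver, orgs in [("8.2.3", 2), ("8.2.4", 2), ("8.1.0", 1), ("7.5.11", 3)]:
        print(ver, orgs, exposed(ver, SAMPLE_INI, orgs))
```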
