In version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3, there is a remote code execution vulnerability in the way requests are handled. This could potentially be exploited by malicious users to conduct a denial-of-service attack or other malicious activity. The issue has been fixed in 7.5.16 and 8.5.3. At the time of publishing this advisory, there is no known workaround. Mitigation scenarios include not allowing any custom datasources to be called, or only allowing a whitelist of hosts to be called. In addition, restricting or monitoring access to the server and database in case of suspicious activity may help as well.

Vulnerability details

A remote code execution vulnerability was identified in version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 of the Monitis Web GUI, where requests could be exploited by malicious users to conduct a denial-of-service attack or other malicious activity on the server.
The issue has been fixed in 7.5.16 and 8.5.3 of the Monitis Web GUI.
Mitigation scenarios include not allowing any custom datasources to be called, or only allowing a whitelist of hosts to be called. In addition, restricting or monitoring access to the server and database in case of suspicious activity may help as well.

CVE-2021-3396

2: Potential Denial-of-Service Attack

A denial-of-service vulnerability has been discovered in version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3, which could potentially be exploited by malicious users to conduct a denial-of-service attack or other malicious activity. The issue has been fixed in 7.5.16 and 8.5.3. At the time of publishing this advisory, there is no known workaround.

Summary

A remote code execution vulnerability exists in the way requests are handled. This could potentially be exploited by malicious users to conduct a denial-of-service attack or other malicious activity. For more information on the issue, see the CVE-2022-29170 advisory.

References:

CVE-2022-29170: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29170
Symantec: https://www.symantec.com/security_response/vulnerability.jsp?bid=441860
Talend: https://support.talend.com/hc/en-us/articles/360047679458

0x01 Introduction and symptoms

In version 7.4.0-beta1 and prior to versions 7.5.16, there is a remote code execution vulnerability in the way requests are handled that could potentially be exploited by malicious users to conduct a denial-of-service attack or other malicious activity. The issue has been fixed in 7.5.16 and 8.5.3.

Timeline

Published on: 05/20/2022 16:15:00 UTC
Last modified on: 07/07/2022 15:15:00 UTC