southparkfan@test3:~$ python3 cve.py --url 'https://grafana.miraheze.org' [-] Testing https://grafana.miraheze.org... [-] Status: 200 [-] Checking for version... [-] Grafana version appears to be: 7.4.1 [!] Version seems to indicate it's probably not vulnerable. [-] Checking if snapshot api requires authentiation... [+] Snapshot endpoint doesn't seem to require authentication! Host may be vulnerable.
- The API endpoint is open
- Our Grafana version is on a patched version
- Only impact on A, not C/I, Grafana is not critical
- However, taking into account that Grafana resides on a system where critical systems (Icinga) are hosted..