Logs4j CVE-2021-44228 Vulnerability

We are using Grafana V7.0.5. Hope you are aware about the critical vulnerability reported on log4j CVE-2021-44228. We would like to understand if there is any impact. If there is any impact please suggest when the fix is going to be available and if any workaround is available.

7 Likes

Hello,
Grafana and Grafana Enterprise are not affected by log4j. See our official statement here:

Thank You for the confirmation.
In addition to CVE-2021044228, there two more vulnerabilities were reported,

https://nvd.nist.gov/vuln/detail/CVE-2021-4104
https://nvd.nist.gov/vuln/detail/CVE-2021-45046

We would like to understand if there is any impact on Grafana ?
If there is any impact please suggest when the fix is going to be available and if any workaround is available.

Looking forward.