Grafana · Grafana · CVE-2021-27358
**Name of the Vulnerable Software and Affected Versions**
Grafana versions 6.7.3 through 7.4.1
**Description**
The snapshot feature in Grafana can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. This issue is related to the `github.com/grafana/grafana/pkg/middleware` package.
**Recommendations**
For versions 6.7.3 through 7.4.1, update to version 7.4.2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the snapshot feature until the update to 7.4.2 or later can be applied.
Avoid using the snapshot feature in commonly used configurations until the issue is resolved.
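
To find which instances in an inventory still need the update, the affected range above can be checked mechanically. The following is an added example, not code from this advisory or from the Grafana project. The function names are hypothetical, and it assumes each instance's health-check response (for example from `/api/health`) is a JSON object with a `version` field; the sample bodies are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// key packs major.minor.patch into one comparable integer (components 0..999).
func key(major, minor, patch int) int { return major*1_000_000 + minor*1_000 + patch }

// Affected reports whether version lies in the advisory's inclusive range 6.7.3
// through 7.4.1. Assumption: a "-beta1"/"+build" suffix is ignored (core version only).
func Affected(version string) (bool, error) {
	var major, minor, patch int
	v := strings.TrimPrefix(strings.TrimSpace(version), "v")
	if _, err := fmt.Sscanf(v, "%d.%d.%d", &major, &minor, &patch); err != nil {
		return false, fmt.Errorf("unparseable version %q: %w", version, err)
	}
	for _, n := range []int{major, minor, patch} {
		if n < 0 || n > 999 {
			return false, fmt.Errorf("component out of range in %q", version)
		}
	}
	k := key(major, minor, patch)
	return k >= key(6, 7, 3) && k <= key(7, 4, 1), nil
}

// AffectedFromHealth reads "version" from a health-check JSON body. A missing
// field is an error, not "unaffected": the server may be hiding its version.
func AffectedFromHealth(body []byte) (bool, error) {
	var h struct{ Version string `json:"version"` }
	if err := json.Unmarshal(body, &h); err != nil {
		return false, err
	}
	if h.Version == "" {
		return false, fmt.Errorf("no version in response; check the host manually")
	}
	return Affected(h.Version)
}

func main() {
	// Constructed sample bodies, not captured from a real server.
	for _, b := range []string{`{"version":"7.4.1"}`, `{"version":"7.4.2"}`, `{"database":"ok"}`} {
		hit, err := AffectedFromHealth([]byte(b))
		fmt.Printf("%-22s affected=%v err=%v\n", b, hit, err)
	}
}
```

Hosts that return an error rather than a verdict should be checked by hand instead of being counted as unaffected.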