One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.
References
Link | Resource |
---|---|
https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 | Vendor Advisory |
https://community.grafana.com/t/release-notes-v6-7-x/27119 | Release Notes Vendor Advisory |
https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ | Release Notes Vendor Advisory |
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ | Release Notes Vendor Advisory |
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ | Release Notes Vendor Advisory |
https://grafana.com/products/enterprise/ | Product Vendor Advisory |
https://security.netapp.com/advisory/ntap-20210430-0005/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2021/03/19/5 | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
20 May 2022, 20:44
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210430-0005/ - Third Party Advisory |
30 Apr 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Mar 2021, 17:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-287 | |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CWE | CWE-287 | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-287 | |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CWE | CWE-287 | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CWE | CWE-287 | |
CWE | CWE-287 | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CWE | CWE-287 | |
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CWE | CWE-287 | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CWE | CWE-287 | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory | |
References | (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory | |
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-287 |
22 Mar 2021, 16:11
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CWE | ||
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CWE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CPE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | ||
CWE | ||
CPE | ||
CPE | ||
CWE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
22 Mar 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-22 15:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-28148
Mitre link : CVE-2021-28148
CVE.ORG link : CVE-2021-28148
JSON object : View
Products Affected
grafana
- grafana
CWE
CWE-306
Missing Authentication for Critical Function