CVE-2021-28148

🗓️ 22 Mar 2021 14:06:40Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 220 Views

Usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 allows unauthenticated access, leading to DoS attack

Reporter	Title	Published	Views	Family All 43
AlpineLinux	CVE-2021-28148	22 Mar 202114:06	–	alpinelinux
Circl	CVE-2021-28148	22 Mar 202117:37	–	circl
CNNVD	Grafana 访问控制错误漏洞	18 Mar 202100:00	–	cnnvd
Cvelist	CVE-2021-28148	22 Mar 202114:06	–	cvelist
EUVD	EUVD-2021-14846	7 Oct 202500:30	–	euvd
NCSC	Vulnerabilities fixed in Grafana Enterprise	22 Mar 202100:00	–	ncsc
NVD	CVE-2021-28148	22 Mar 202115:15	–	nvd
Tenable Nessus	openSUSE 15 Security Update : grafana (openSUSE-SU-2021:1148-1)	14 Aug 202100:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : SUSE Manager Client Tools (openSUSE-SU-2021:1162-1)	18 Aug 202100:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : grafana (openSUSE-SU-2021:2662-1)	13 Aug 202100:00	–	nessus

NVD

Node

grafana grafanaRange6.0.0–6.7.6enterprise

grafana grafanaRange7.0.0–7.3.10enterprise

grafana grafanaRange7.4.0–7.4.5enterprise

Source	Link
grafana	www.grafana.com/products/enterprise/
grafana	www.grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/
grafana	www.grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/
openwall	www.openwall.com/lists/oss-security/2021/03/19/5
security	www.security.netapp.com/advisory/ntap-20210430-0005/
grafana	www.grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/
community	www.community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
community	www.community.grafana.com/t/release-notes-v6-7-x/27119

21 Nov 2024 05:59Current

7.2High risk

Vulners AI Score7.2

CVSS 25

CVSS 3.17.5

EPSS0.07245

CWE-306