Lucene search

K

MitreCVELIST:CVE-2021-28148

HistoryMar 22, 2021 - 2:06 p.m.

CVE-2021-28148

2021-03-2214:06:40

mitre

www.cve.org

8

grafana enterprise

api endpoint

unauthenticated access

denial of service

cve-2021-28148

EPSS

0.009

Percentile

82.9%

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.

References

community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724

community.grafana.com/t/release-notes-v6-7-x/27119

grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/

grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/

grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/

grafana.com/products/enterprise/

security.netapp.com/advisory/ntap-20210430-0005/

www.openwall.com/lists/oss-security/2021/03/19/5

EPSS

0.009

Percentile

82.9%

Related for CVELIST:CVE-2021-28148

redhatcve1 nvd1 veracode1 openvas5 cve1 osv3 ubuntucve1 prion1 alpinelinux1 suse4 nessus4