← Back

CVE-2021-28148

nvd nist
Published: Mar 22, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.

Affected (3)

Products: Grafana: Grafana
Grafana
1 product
Grafana
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Grafana
Grafana
From 6.0.0 to 6.7.6
Grafana
From 7.0.0 to 7.3.10
Grafana
From 7.4.0 to 7.4.5

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (16)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
ProductVendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.