BIT-grafana-2021-28148

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2021-28148.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-grafana-2021-28148
Aliases
Published
2024-03-06T10:59:46.478Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.

References

Affected packages

Bitnami / grafana

Package

Name
grafana
Purl
pkg:bitnami/grafana

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
6.0.0
Fixed
6.7.6
Introduced
7.0.0
Fixed
7.3.10
Introduced
7.4.0
Fixed
7.4.5