CVE-2021-28148

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-28148
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28148.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-28148
Aliases
Related
Published
2021-03-22T15:15:14Z
Modified
2024-05-29T22:12:26Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.

References

Affected packages

Git / github.com/grafana/grafana

Affected ranges

Type
GIT
Repo
https://github.com/grafana/grafana
Events