Unrated severity · NVD Advisory · Published Mar 22, 2021 · Updated Aug 3, 2024
CVE-2021-28148
Description
One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.
Affected products (32)
- Grafana/Grafana Enterprise (description)
- osv-coords (31 versions)
  - pkg:bitnami/grafana
  - pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/mgr-cfg&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/mgr-cfg&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/mgr-custom-info&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/mgr-custom-info&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/spacewalk-koan&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/spacewalk-koan&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/spacewalk-oscap&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/spacewalk-oscap&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/suseRegisterInfo&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/suseRegisterInfo&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015
>= 6.0.0, < 6.7.6 (+ 30 more)
- (no CPE) range: >= 6.0.0, < 6.7.6
- (no CPE) range: < 2.9.21-1.5.1
- (no CPE) range: < 0.1.1627546504.96a0b3e-1.27.1
- (no CPE) range: < 2.27.1-1.29.2
- (no CPE) range: < 2.27.1-3.31.1
- (no CPE) range: < 7.5.7-1.21.2
- (no CPE) range: < 7.5.7-1.21.1
- (no CPE) range: < 4.2.3-1.18.2
- (no CPE) range: < 4.2.3-1.18.1
- (no CPE) range: < 4.2.2-1.12.2
- (no CPE) range: < 4.2.2-1.12.1
- (no CPE) range: < 4.2.6-1.30.2
- (no CPE) range: < 4.2.6-1.30.1
- (no CPE) range: < 4.2.3-1.12.2
- (no CPE) range: < 4.2.3-1.12.1
- (no CPE) range: < 4.2.2-1.20.2
- (no CPE) range: < 4.2.2-1.20.1
- (no CPE) range: < 4.2.4-21.34.2
- (no CPE) range: < 4.2.4-3.28.1
- (no CPE) range: < 4.2.11-38.85.2
- (no CPE) range: < 4.2.11-3.62.1
- (no CPE) range: < 4.2.12-52.53.2
- (no CPE) range: < 4.2.12-3.44.1
- (no CPE) range: < 4.2.4-24.24.2
- (no CPE) range: < 4.2.4-3.21.1
- (no CPE) range: < 4.2.2-19.18.2
- (no CPE) range: < 4.2.2-3.12.1
- (no CPE) range: < 4.2.4-25.18.2
- (no CPE) range: < 4.2.4-3.15.1
- (no CPE) range: < 4.2.5-1.15.2
- (no CPE) range: < 4.2.5-1.15.1
Patches (0)
No patches discovered yet.
References (8)
- community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 (mitre, x_refsource_MISC)
- community.grafana.com/t/release-notes-v6-7-x/27119 (mitre, x_refsource_MISC)
- grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ (mitre, x_refsource_CONFIRM)
- grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ (mitre, x_refsource_MISC)
- grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ (mitre, x_refsource_MISC)
- grafana.com/products/enterprise/ (mitre, x_refsource_MISC)
- security.netapp.com/advisory/ntap-20210430-0005/ (mitre, x_refsource_CONFIRM)
- www.openwall.com/lists/oss-security/2021/03/19/5 (mitre, x_refsource_CONFIRM)