Unrated severityNVD Advisory· Published Mar 22, 2021· Updated Aug 3, 2024
CVE-2021-28148
CVE-2021-28148
Description
One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
53- Grafana/Grafana Enterprisedescription
- Range: >= 6.0, < 6.7.6; >= 7.0, < 7.3.10; >= 7.4, < 7.4.5
- osv-coords51 versionspkg:bitnami/grafanapkg:rpm/opensuse/ansible&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/ansible&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/golang-github-prometheus-prometheus&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/grafana&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mgr-cfg&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/mgr-custom-info&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/mgr-osad&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/mgr-push&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/mgr-virtualization&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/rhnlib&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/spacewalk-client-tools&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/spacewalk-koan&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/spacewalk-oscap&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/suseRegisterInfo&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/uyuni-common-libs&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-cfg&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-cfg&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-custom-info&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-custom-info&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacewalk-koan&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacewalk-koan&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacewalk-oscap&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacewalk-oscap&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/suseRegisterInfo&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/suseRegisterInfo&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015
>= 6.0.0, < 6.7.6+ 50 more
- (no CPE)range: >= 6.0.0, < 6.7.6
- (no CPE)range: < 2.9.21-lp152.2.7.1
- (no CPE)range: < 2.9.21-1.5.1
- (no CPE)range: < 0.1.1627546504.96a0b3e-lp152.2.26.1
- (no CPE)range: < 0.1.1627546504.96a0b3e-1.27.1
- (no CPE)range: < 2.27.1-lp152.3.13.1
- (no CPE)range: < 7.5.7-lp152.2.16.1
- (no CPE)range: < 7.5.7-3.12.1
- (no CPE)range: < 7.5.7-1.2
- (no CPE)range: < 4.2.3-1.18.1
- (no CPE)range: < 4.2.2-1.12.1
- (no CPE)range: < 4.2.6-1.30.1
- (no CPE)range: < 4.2.3-1.12.1
- (no CPE)range: < 4.2.2-1.20.1
- (no CPE)range: < 4.2.4-3.28.1
- (no CPE)range: < 4.2.11-3.62.1
- (no CPE)range: < 4.2.12-3.44.1
- (no CPE)range: < 4.2.4-3.21.1
- (no CPE)range: < 4.2.2-3.12.1
- (no CPE)range: < 4.2.4-3.15.1
- (no CPE)range: < 4.2.5-1.15.1
- (no CPE)range: < 2.9.21-1.5.1
- (no CPE)range: < 0.1.1627546504.96a0b3e-1.27.1
- (no CPE)range: < 2.27.1-1.29.2
- (no CPE)range: < 2.27.1-3.31.1
- (no CPE)range: < 7.5.7-1.21.2
- (no CPE)range: < 7.5.7-1.21.1
- (no CPE)range: < 4.2.3-1.18.2
- (no CPE)range: < 4.2.3-1.18.1
- (no CPE)range: < 4.2.2-1.12.2
- (no CPE)range: < 4.2.2-1.12.1
- (no CPE)range: < 4.2.6-1.30.2
- (no CPE)range: < 4.2.6-1.30.1
- (no CPE)range: < 4.2.3-1.12.2
- (no CPE)range: < 4.2.3-1.12.1
- (no CPE)range: < 4.2.2-1.20.2
- (no CPE)range: < 4.2.2-1.20.1
- (no CPE)range: < 4.2.4-21.34.2
- (no CPE)range: < 4.2.4-3.28.1
- (no CPE)range: < 4.2.11-38.85.2
- (no CPE)range: < 4.2.11-3.62.1
- (no CPE)range: < 4.2.12-52.53.2
- (no CPE)range: < 4.2.12-3.44.1
- (no CPE)range: < 4.2.4-24.24.2
- (no CPE)range: < 4.2.4-3.21.1
- (no CPE)range: < 4.2.2-19.18.2
- (no CPE)range: < 4.2.2-3.12.1
- (no CPE)range: < 4.2.4-25.18.2
- (no CPE)range: < 4.2.4-3.15.1
- (no CPE)range: < 4.2.5-1.15.2
- (no CPE)range: < 4.2.5-1.15.1
Patches
Vulnerability mechanics
References
8- community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724mitrex_refsource_MISC
- community.grafana.com/t/release-notes-v6-7-x/27119mitrex_refsource_MISC
- grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/mitrex_refsource_CONFIRM
- grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/mitrex_refsource_MISC
- grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/mitrex_refsource_MISC
- grafana.com/products/enterprise/mitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20210430-0005/mitrex_refsource_CONFIRM
- www.openwall.com/lists/oss-security/2021/03/19/5mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.