VYPR

Enterprise Metrics

by Grafana

CVEs (3)

  • CVE-2021-28148Mar 22, 2021
    risk 0.01cvss epss 0.04

    One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a…

  • CVE-2021-31231Apr 30, 2021
    risk 0.00cvss epss 0.00

    The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a…

  • CVE-2021-27962Mar 22, 2021
    risk 0.00cvss epss 0.02

    Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.