github - ghsa-qhvm-m99m-qq44

ghsa-qhvm-m99m-qq44

Vulnerability from github

Published

2022-05-24 17:45

Modified

2022-05-24 17:45

Severity

7.5 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-28148"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-22T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.",
  "id": "GHSA-qhvm-m99m-qq44",
  "modified": "2022-05-24T17:45:03Z",
  "published": "2022-05-24T17:45:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28148"
    },
    {
      "type": "WEB",
      "url": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724"
    },
    {
      "type": "WEB",
      "url": "https://community.grafana.com/t/release-notes-v6-7-x/27119"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/products/enterprise"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210430-0005"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2021/03/19/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2021-28148

Vulnerability from cvelistv5

Published

2021-03-22 14:06

Modified

2024-08-03 21:40

Severity

Summary

References

URL	Tags
https://community.grafana.com/t/release-notes-v6-7-x/27119	x_refsource_MISC
https://grafana.com/products/enterprise/	x_refsource_MISC
https://www.openwall.com/lists/oss-security/2021/03/19/5	x_refsource_CONFIRM
https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/	x_refsource_CONFIRM
https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724	x_refsource_MISC
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/	x_refsource_MISC
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/	x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210430-0005/	x_refsource_CONFIRM

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website