One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-22T14:06:40
Updated: 2024-08-03T21:40:12.000Z
Reserved: 2021-03-11T00:00:00
Link: CVE-2021-28148
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-03-22T15:15:14.597
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-28148
Redhat