GHSA-h5rh-w6vm-9ghc

Опубликовано: 15 фев. 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.2

Описание

Denial of service in Grafana

The snapshot feature in Grafana before 7.4.2 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.

Specific Go Packages Affected

github.com/grafana/grafana/pkg/middleware

Ссылки

Пакеты

Наименование

github.com/grafana/grafana

Затронутые версииВерсия исправления

>= 6.7.3, < 7.4.2

7.4.2

EPSS

Процентиль: 99%

0.72805

Высокий

8.2 High

CVSS3

CVE ID

CVE-2021-27358

Дефекты

CWE-306

CWE-400

Связанные уязвимости

CVE-2021-27358

CVSS3: 7.5

ubuntu

больше 4 лет назад

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.

CVE-2021-27358

CVSS3: 7.5

redhat

больше 4 лет назад

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.

CVE-2021-27358

CVSS3: 7.5

nvd

больше 4 лет назад

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.

CVE-2021-27358

CVSS3: 7.5

debian

больше 4 лет назад

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unaut ...

openSUSE-SU-2021:2662-1

suse-cvrf

почти 4 года назад

Security update for grafana

EPSS

Процентиль: 99%

0.72805

Высокий

8.2 High

CVSS3

CVE ID

CVE-2021-27358

Дефекты

CWE-306

CWE-400