CVE-2021-28148

Published: 18 Mar 2021
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.

A flaw was found in Grafana Enterprise. The HTTP API endpoint for usage insights can be used by any unauthenticated user to send an unlimited number of requests to that endpoint, leading to a denial of service (DoS). The highest threat from this vulnerability is to system availability.

Report

Red Hat products do not ship the Grafana Enterprise version; therefore, they are not affected by this vulnerability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | servicemesh-grafana | Not affected | | |
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | grafana | Not affected | | |
| Red Hat Ceph Storage 2 | grafana | Not affected | | |
| Red Hat Ceph Storage 3 | grafana | Not affected | | |
| Red Hat Ceph Storage 3 | grafana-container | Not affected | | |
| Red Hat Ceph Storage 4 | rhceph/rhceph-4-dashboard-rhel8 | Not affected | | |
| Red Hat Enterprise Linux 8 | grafana | Not affected | | |
| Red Hat Enterprise Linux 9 | grafana | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | openshift3/grafana | Not affected | | |

Additional information

Status: Important
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1938981 grafana: usage insights API endpoint doesn't limit number of requests which could result in DoS

EPSS

Percentile: 88%
0.04284
Low

CVSS3

7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 4 years ago

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.

CVSS3: 7.5
nvd
about 4 years ago

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.

CVSS3: 7.5
debian
about 4 years ago

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x ...

CVSS3: 7.5
github
about 3 years ago

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.

suse-cvrf
almost 4 years ago

Security update for SUSE Manager Client Tools
