VDB
BIT-grafana-2021-28148
BIT-grafana-2021-28148
PUBLISHED
CVSS 7.5 HIGH
One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | grafana | 6.0.0, 7.0.0, 7.4.0 |
Timeline
- Mar 6, 2024 CVE Published
- Apr 3, 2025 CVE Updated
References
- https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 url
- https://community.grafana.com/t/release-notes-v6-7-x/27119 url
- https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ url
- https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ url
- https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ url
- https://grafana.com/products/enterprise/ url
- https://security.netapp.com/advisory/ntap-20210430-0005/ url
- https://www.openwall.com/lists/oss-security/2021/03/19/5 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-28148 url