CVE-2019-15043

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
grafanagrafana
2.0.0 ≤
𝑥
< 5.4.5
grafanagrafana
6.0.0 ≤
𝑥
< 6.3.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
grafana
bionic
dne
disco
dne
eoan
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
needed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
grafana
RHEL 8
0:6.3.6-1.el8
fixed
grafana-azure-monitor
RHEL 8
0:6.3.6-1.el8
fixed
grafana-cloudwatch
RHEL 8
0:6.3.6-1.el8
fixed
grafana-elasticsearch
RHEL 8
0:6.3.6-1.el8
fixed
grafana-graphite
RHEL 8
0:6.3.6-1.el8
fixed
grafana-influxdb
RHEL 8
0:6.3.6-1.el8
fixed
grafana-loki
RHEL 8
0:6.3.6-1.el8
fixed
grafana-mssql
RHEL 8
0:6.3.6-1.el8
fixed
grafana-mysql
RHEL 8
0:6.3.6-1.el8
fixed
grafana-opentsdb
RHEL 8
0:6.3.6-1.el8
fixed
grafana-postgres
RHEL 8
0:6.3.6-1.el8
fixed
grafana-prometheus
RHEL 8
0:6.3.6-1.el8
fixed
grafana-stackdriver
RHEL 8
0:6.3.6-1.el8
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569
https://community.grafana.com/t/release-notes-v6-3-x/19202
https://github.com/grafana/grafana/releases
https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RF5ARGYX3WYB7H2FDR7VAWTEQ27UX3FU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO4NBL7PKW4OSFRVZENGC42EWEJV2YAH/
https://security.netapp.com/advisory/ntap-20191004-0004/
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569
https://community.grafana.com/t/release-notes-v6-3-x/19202
https://github.com/grafana/grafana/releases
https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RF5ARGYX3WYB7H2FDR7VAWTEQ27UX3FU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO4NBL7PKW4OSFRVZENGC42EWEJV2YAH/
https://security.netapp.com/advisory/ntap-20191004-0004/