CVE-2019-15043

Severity CVSS v4.0:
Pending analysis
Type:
CWE-306 Missing Authentication for Critical Function
Publication date:
03/09/2019
Last modified:
07/11/2023

Description

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* 2.0.0 (including) 5.4.5 (excluding)
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* 6.0.0 (including) 6.3.4 (excluding)