Description
One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.
Remediation
References