CVE-2021-27358

High

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a…

mitre·NVD-CWE-noinfo·Published 2021-03-18

CVSS

7.5

EPSS

0.83

KEV

Exploits

cve.orgen

191 chars

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.

NVDen

191 chars

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.

The snapshot feature in Grafana before 7.4.2 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. ### Specific Go Packages Affected github.com/grafana/grafana/pkg/middleware

GHSAen

260 chars

NVDes

251 chars

La funcionalidad snapshot en Grafana versiones 6.7.3 hasta la 7.4.1, puede permitir a atacantes remotos no autenticados desencadenar una Denegación de Servicio por medio de una llamada de la API remota si es ajustada una configuración usada comúnmente

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	GHSA	6.9	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:R