CVE-2019-15043
published 2019-09-03


Priority: P2 · 69 · high
CVSS 3.0: 7.5 (vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploit: EPSS 63.39% (99.1th percentile)
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

Affected

2 ranges
Vendor   | Product | Version range       | Fixed in
grafana  | grafana | >= 2.0.0 < 5.4.5    | 5.4.5
grafana  | grafana | >= 6.0.0 < 6.3.4    | 6.3.4

Detection & IOCs (extracted from sources)

url: /api/snapshots
command: POST /api/snapshots
sigma: HTTP POST to /api/snapshots from an unauthenticated request returning 200 with a body containing 'deleteUrl', 'deleteKey', 'key' and 'url'
  • Check for unauthenticated access to /api/snapshot/shared-options as a secondary indicator of snapshot API exposure.
  • Setting 'external_enabled = false' in grafana.ini only disables external snapshot sharing and removes /api/snapshot/shared-options; it does NOT fully disable the /api/snapshots endpoint, leaving the DoS vector partially open.
  • OpenShift Container Platform deployments protect Grafana behind oauth-proxy, which prevents unauthenticated access and mitigates this vulnerability regardless of Grafana version.
  • Fedora deployments of Grafana shipped with external_enabled = false by default in grafana.ini, but this does not prevent a user from re-enabling the snapshot feature.

CVSS provenance

Source         | Version | Score | Severity | Vector
nvd            | v3.0    | 7.5   | HIGH     | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd            | v2.0    | 5.0   | MEDIUM   | AV:N/AC:L/Au:N/C:N/I:N/A:P
osv            |         | 7.5   | HIGH     |
vendor_redhat  |         | 7.5   | HIGH     |