Home

CVE-2019-15043

Description

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
90.675

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-15043 are affected in GrafanaEnterprise 5.4.4_priateWindows
Vulnerabilities CVE-2019-15043 are affected in GrafanaEnterprise 6.3.3Windows
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-6.3.6-1.el8.x86_64.rpmLinux
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-azure-monitor-6.3.6-1.el8.x86_64.rpmLinux
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-cloudwatch-6.3.6-1.el8.x86_64.rpmLinux
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-elasticsearch-6.3.6-1.el8.x86_64.rpmLinux
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-graphite-6.3.6-1.el8.x86_64.rpmLinux
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-influxdb-6.3.6-1.el8.x86_64.rpmLinux
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-loki-6.3.6-1.el8.x86_64.rpmLinux
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-mssql-6.3.6-1.el8.x86_64.rpmLinux
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-mysql-6.3.6-1.el8.x86_64.rpmLinux
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-opentsdb-6.3.6-1.el8.x86_64.rpmLinux
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-postgres-6.3.6-1.el8.x86_64.rpmLinux
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-prometheus-6.3.6-1.el8.x86_64.rpmLinux
(RHSA-2020:1659) grafana security, bug fix, and enhancement update grafana-stackdriver-6.3.6-1.el8.x86_64.rpmLinux
SUSE-SU-2020:1970-1(SUSE Linux Enterprise Server 12-SP5 ) golang-github-prometheus-node_exporter-0.18.1-1.6.2.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-6.3.6-1.el8.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-azure-monitor-6.3.6-1.el8.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-cloudwatch-6.3.6-1.el8.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-elasticsearch-6.3.6-1.el8.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-graphite-6.3.6-1.el8.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-influxdb-6.3.6-1.el8.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-loki-6.3.6-1.el8.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-mssql-6.3.6-1.el8.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-mysql-6.3.6-1.el8.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-opentsdb-6.3.6-1.el8.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-postgres-6.3.6-1.el8.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-prometheus-6.3.6-1.el8.x86_64.rpmLinux
(CESA-2020:1659) grafana security, bug fix, and enhancement update grafana-stackdriver-6.3.6-1.el8.x86_64.rpmLinux
Grafana update (ELSA-2023-6972) grafana-9.2.10-7.el8_9.x86_64.rpmLinux
Missing Authentication for Critical Function Vulnerability (CVE-2019-15043)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-335779GrafanaEnterprise (10.3.1)
PATCH-335779GrafanaEnterprise (10.3.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234