What is CVE-2019-15043?

CVE-2019-15043 is a vulnerability in N/a. Published 2019-09-03.

Is CVE-2019-15043 known to be exploited?

14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-15043

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

EPSS: 0.909 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

community.grafana.com/t/release-notes-v6-3-x/19202 (x_refsource_MISC)
github.com/grafana/grafana/releases (x_refsource_MISC)
community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 (x_refsource_CONFIRM)
grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-sec… (x_refsource_CONFIRM)
FEDORA-2019-0bb6b876da (vendor-advisory, x_refsource_FEDORA)
FEDORA-2019-77d612eab4 (vendor-advisory, x_refsource_FEDORA)
security.netapp.com/advisory/ntap-20191004-0004/ (x_refsource_CONFIRM)
openSUSE-SU-2020:0892 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:1105 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:1611 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2019-15043?: CVE-2019-15043 is a vulnerability in N/a. Published 2019-09-03.
Is CVE-2019-15043 known to be exploited?: 14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.