5
CVSSv2

CVE-2019-15043

Published: 03/09/2019 Updated: 04/10/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In Grafana 2.x up to and including 6.x prior to 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

grafana grafana

Vendor Advisories

Synopsis Moderate: grafana security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for grafana is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Sy ...
Arch Linux Security Advisory ASA-201908-21 ========================================== Severity: Medium Date : 2019-08-30 CVE-ID : CVE-2019-15043 Package : grafana Type : denial of service Remote : Yes Link : securityarchlinuxorg/AVG-1034 Summary ======= The package grafana before version 634-1 is vulnerable to denial of se ...
This vulnerability allows any unauthenticated user/client to access the Grafana snapshot HTTP API and create a denial of service attack by posting large amounts of dashboard snapshot payloads to the /api/snapshotsHTTP API endpoint ...

Github Repositories

POC scanner for the Grafana vulnerability CVE-2019-15043

CVE-2019-15043 POC Description Proof of concept scan to check if a Grafana server is vulnerable to CVE-2019-15043 Checks the Grafana server version number and checks to see if the snapshot API allows for unauthenticated requests CVE-2019-15043 CVE-2019-15043 is a Denial-of-service vulnerability found in the Grafana snapshots API This vulnerability was fixed in versions 545

CVE-POC 2021 CVE-2021-1675 CVE-2021-1675- Impacket implementation of the PrintNightmare PoC cube0x0/CVE-2021-1675 CVE-2021-21315 CVE-2021-21315 - NodeJS OS sanitize service Parameters Command Injection ForbiddenProgrammer/CVE-2021-21315-PoC Twitter/@wugeej CVE-2021-21972 CVE-2021-21972 - vCenter Server RCE GuayoyoCyber/CVE-2021-21972 Twitter/@wugeej CVE-2021-21975

Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.

Templates are the core of nuclei scanner which power the actual scanning engine This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community We hope that you also contribute by sending templates via pull requests and grow the list Template Directory ├── LICENSE ├── READMEmd ├── basic-dete

Customized templates originally pulled from `projectdiscovery/nuclei-templates`

Nuclei Templates Templates are the core of nuclei scanner which power the actual scanning engine This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community We hope that you also contribute by sending templates via pull requests or Github issue and grow the list Resources Templates Documentation Contr

Kenzer Templates [1289] TEMPLATE TOOL FILE favinizer favinizer favinizeryaml CVE-2017-5638 jaeles jaeles\cvescan\critical\CVE-2017-5638yaml CVE-2017-6360 jaeles jaeles\cvescan\critical\CVE-2017-6360yaml CVE-2017-6361 jaeles jaeles\cvescan\critical\CVE-2017-6361yaml CVE-2017-9841 jaeles jaeles\cvescan\critical\CVE-2017-9841yaml CVE-2018-16763 jaeles jaeles\

TEMPLATE TOOL FILE favinizer favinizer favinizeryaml CVE-2017-5638 jaeles jaeles\cvescan\critical\CVE-2017-5638yaml CVE-2017-6360 jaeles jaeles\cvescan\critical\CVE-2017-6360yaml CVE-2017-6361 jaeles jaeles\cvescan\critical\CVE-2017-6361yaml CVE-2017-9841 jaeles jaeles\cvescan\critical\CVE-2017-9841yaml CVE-2018-16763 jaeles jaeles\cvescan\critical\CVE-2018-1

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android