7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
43.8%
Grafana is an open-source platform for monitoring and observability. Using
public dashboards users can query multiple distinct data sources using
mixed queries. However such query has a possibility of crashing a Grafana
instance. The only feature that uses mixed queries at the moment is public
dashboards, but it’s also possible to cause this by calling the query API
directly. This might enable malicious users to crash Grafana instances
through that endpoint. Users may upgrade to version 9.4.12 and 9.5.3 to
receive a fix.