We received a security report to firstname.lastname@example.org on August 12, 2019, about a vulnerability in Grafana involving incorrect access to the HTTP API. It was later identified as affecting Grafana versions from 2.0.0 to 6.3.3. CVE-2019-15043 has been reserved for this vulnerability.
This vulnerability allows a user/client to access parts of the Grafana HTTP API without being authenticated. This makes it possible to run a denial of service attack against the server running Grafana.
Grafana releases 2.0.0 through 6.3.3 are affected by this vulnerability.
Solutions and mitigations
Download and install the appropriate patch for your version of Grafana.