An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance (denial of service).
| Vendor | Product | Versions |
|---|---|---|
| grafana labs | grafana | 11.6.0, 12.2.0, 12.3.0, 12.4.0, 13.0.0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| grafana | grafana | cert_advisory | 90% |
Updated affected versions, changed severity to HIGH, marked as actively exploited, and noted that no exploit is available.
Initial creation