Grafana Enterprise 6.6.0 introduced a new HTTP API endpoint for usage insights which allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attacks against Grafana Enterprise instances. We have reserved CVE-2021-28148 for this issue. This vulnerability allows users to perform DoS attacks.
Red Hat products do not ship Grafana Enterprise version, therefore they are not affected by this vulnerability.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):