
CVE-2022-44643: Grafana Enterprise | Self-managed Prometheus service

In Grafana Enterprise Metrics (GEM) before 1.7.1 and 2.x before 2.3.1, when an Access Policy is granted access to all tenants and also specifies a label matcher, the label matcher is erroneously not propagated to queries performed with this access policy. Thus, the policy grants more access than intended.


Grafana Enterprise Metrics

Introducing a scalable, self-hosted Prometheus service that is seamless to use, simple to operate/maintain, and supported by Grafana Labs.

Offer Prometheus-as-a-Service on-premise for your teams today.

Traditional approach

DIY style of scaling Prometheus is complex and requires a lot of effort to maintain throughout different teams.

Scale is limited to a single machine

Lacks data governance, resulting in all-or-nothing access to metrics

Requires a lot of effort to deploy and maintain

Grafana Enterprise Metrics Approach

Enables Prometheus-as-a-Service for large organizations running at scale.

Centralized, horizontally scalable, replicated architecture

Centralized access control and authentication

Simple to deploy and maintain your complete set of metrics in one centralized, cost-effective way

Architected for scale

Grafana Enterprise Metrics provides a centralized, horizontally scalable, replicated architecture so you can easily manage and maintain your Prometheus implementation based on your specific architecture.

Easily store application and infrastructure metrics in one centralized cluster, or across multiple clusters without needing a dedicated team.

Operations made simple

Simple to get started

Grafana Enterprise Metrics gives organizations a fully assembled and configured monitoring stack out of the box, so there’s no need to build systems from open source components.

Simple to manage

Easily create and manage tenants and set up authentication for them with an intuitive API-driven UI.

Simple to customize

Best-in-class query performance means you can quickly create real-time dashboards that can be shared throughout your organization.

Global insights for the whole team

Run a better service with built-in global insights into how your teams use Grafana Enterprise Metrics.

Quickly fix problems like cardinality explosions or query errors

Is there a cardinality explosion?

Where are query errors occurring?

Control costs by weeding out series that are never used or inefficiently used

Which series are most popular, and which ones are never used?

How much storage space does each series and source consume?

What’s the ingestion and query rate of each series?

Find out who’s doing what, for security, chargebacks, and better service

Where is data coming from?

Which users are querying which data?

Integrates with your tooling

Grafana Enterprise

Integrate with Grafana Enterprise to provide an easy-to-use UI to manage Grafana Enterprise Metrics clusters and tenants.

Prometheus

Integrates with your existing Prometheus ecosystem so there’s no need to manually edit and manage configuration files. View and edit your Prometheus-style alerting rules all in one place.

Graphite

Integrates with Graphite-based data ingestion and querying, so you can either modernize your existing Graphite systems or transition to Prometheus. Let your team choose the Graphite query language or PromQL.

Next-level security

Enterprise-grade access control allows you to go beyond coarse-level read and write permissions to permissions based on Prometheus label value or tenant ID.

Enterprise-grade access control allows you to go beyond read and write permissions with fine-grained access control within and across instances.

Robust data-access policies enable administrators to secure and govern data.

Centralized authentication allows you to seamlessly integrate with a current authentication provider.

Support

With Grafana Enterprise Metrics, your team gets support, training, and consulting provided by the Grafana Labs team, including maintainers of Prometheus and Grafana Mimir. We’ll help with anything your organization needs to implement Prometheus and Grafana Enterprise Metrics.

Features

Prometheus

A systems and service monitoring system with flexible queries and real-time alerting

Prometheus on Github →

Grafana Enterprise Metrics

Prometheus with enterprise-grade scalability, durability, administration, integrations, security, and support

Contact us →

**Runs on-premise**

Deploy in your own data center or cloud capacity.

**PromQL**

A powerful language for querying and representing data.

**Efficient storage of time series**

Time series data stored in an efficient custom format.

**Alertmanager**

Precise alerting rules, rule evaluation, and many integrated outputs.

**Long-term storage**

Durable storage of Prometheus and Graphite metrics.

**High availability**

Replication ensures there are no gaps in metric data when a machine fails.

**Horizontal scalability**

Automatically and seamlessly shard data among replicas, so you can grow and shrink the cluster on demand. Scale to hundreds of millions of active metrics series at millions of data points per second.

**A global view of metrics**

Perform queries that aggregate metrics across multiple Prometheus instances and long-term storage.

**Multi-tenancy**

Isolate data and queries from independent teams or business units in a single cluster.

**Governance**

Set per-tenant limits on querying and metrics written to ensure fair usage of the cluster.

**Centralized authentication**

Create keys to authenticate all reads and writes to your cluster, or use JWTs from your existing OAuth OpenID Connect implementation.

**Label-based access controls**

Create policies that restrict users to a subset of team or business unit metrics based on label values.

**Out-of-the-box self-monitoring**

Ships with system-health metrics readily available and exposed via automatically provisioned dashboards that reflect best-practice monitoring.

**Cross-cluster query federation**

Merge query results from metric clusters running in different data centers or geographies to create a global view of your data.

**Administration UI**

Use a UI built into Grafana to edit access policies, tenant limits, and configuration options and monitor GEM system health.

**Indemnification**

Protection and peace of mind about offering Grafana Enterprise Metrics as a critical service within your organization.

**Customer support**

Includes services like training and consulting as well as bug fixes and security updates.

**Integrated experience**

Integration with Grafana Enterprise, Prometheus, Graphite, Loki, and Tempo.

**Usage insights**

Quickly answer how the system is being utilized at a per-team/per-business unit granularity.

Get the information needed for usage-based billing to internal customers.

Coming soon.

Resources

Demo video: Running Prometheus-as-a-service with Grafana Enterprise Metrics


Blog: What’s new in Grafana Enterprise Metrics for scaling Prometheus


Try Grafana Enterprise Metrics

Offer your teams a scalable Prometheus service that is seamless to use, simple to maintain, and supported by Grafana Labs.


Related news

CVE-2022-44643: Downloads | Grafana Enterprise Metrics documentation

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64.
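An audit for the condition both CVE descriptions above give, written as an added example (not Grafana Labs' code): it flags access policies that combine an all-tenants grant with a label selector when the running GEM version is in an affected range. The policy field names (`realms`, `tenant`, `label_policies`, `selector`) and the `"*"` wildcard are assumptions about how exported policy JSON is laid out, and the sample data is constructed.

```python
import re

# Fixed releases named in the advisory: 1.7.1 for 1.x, 2.3.1 for 2.x.
# Other major versions are not covered by the advisory text.
FIXED = {1: (1, 7, 1), 2: (2, 3, 1)}

def parse_version(text):
    """Return (major, minor, patch) from strings such as 'v2.3.0' or '1.7.1-rc1'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def version_affected(text):
    """True if the version falls in a range the advisory lists as affected."""
    v = parse_version(text)
    fixed = FIXED.get(v[0])
    return fixed is not None and v < fixed

def risky_policies(policies):
    """Names of policies pairing an all-tenants realm with a label selector."""
    hits = []
    for policy in policies:
        for realm in policy.get("realms", []):
            selectors = [lp.get("selector") for lp in realm.get("label_policies") or []]
            if realm.get("tenant") == "*" and any(selectors):
                hits.append(policy["name"])
                break
    return hits

def audit(version, policies):
    """Policies whose label restriction is not enforced on this version."""
    return risky_policies(policies) if version_affected(version) else []

# Constructed sample export; field names follow the assumed layout above.
SAMPLE = [
    {"name": "dev-readers", "realms": [
        {"tenant": "*", "label_policies": [{"selector": '{env="dev"}'}]}]},
    {"name": "team-a", "realms": [
        {"tenant": "team-a", "label_policies": [{"selector": '{env="dev"}'}]}]},
    {"name": "global-admin", "realms": [{"tenant": "*", "label_policies": []}]},
]

if __name__ == "__main__":
    for ver in ("2.3.0", "2.3.1", "1.7.0"):
        print(ver, audit(ver, SAMPLE))
```

Policies the audit reports on an affected version should be treated as having had unrestricted read access across tenants until the upgrade to 1.7.1 or 2.3.1 is in place.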
