Lucene search
PRIOn knowledge basePRION:CVE-2021-36157HistoryAug 03, 2021 - 3:15 p.m.
Directory traversal
2021-08-0315:15:00
PRIOn knowledge base
www.prio-n.com
4
An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae …/…/sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)
Related
osv
osv
CVE-2021-36157
2021-08-03 15:15:08
Path traversal in Grafana Cortex
2021-09-02 21:59:50
cvelist
cvelist
CVE-2021-36157
2021-08-03 14:03:49
github
github
Path traversal in Grafana Cortex
2021-09-02 21:59:50
cve
cve
CVE-2021-36157
2021-08-03 15:15:08
redhatcve
redhatcve
CVE-2021-36157
2023-03-30 13:43:53
nvd
nvd
CVE-2021-36157
2021-08-03 15:15:08
redhat
redhat