Lucene search
K

124 matches found

Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: zarf-fips, harbor, osv-scanner, rancher, knative-eventing-fips, spire-server, k9s-fips, argocd-image-updater, vitess, docker-machine-driver-harvester, trivy-fips, cloudbeat, mattermost, prometheus-mongodb-exporter, flux-image-automation-controller-fips, snyk-cli,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.10 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard, snyk-cli, rancher, chisel, spire-server, fscrypt, kaf, kubescape, rancher-agent, flux-source-controller, flux-image-automation-controller, knative-serving, minio, external-dns, telegraf, vitess, cilium, k9s, skaffold, kubernetes,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: snyk-cli, chisel, pulumi-language-yaml, terragrunt, ksops, gomplate, wolfictl, caddy, fulcio, vault-benchmark, telegraf, cosign, dagger, witness, podman, pulumi-language-java, helm, kots, step-issuer, prometheus, crossplane-provider-azure-authorization, gh,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.6 views

GHSA-JPPX-RXG9-JMRX vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard, snyk-cli, buildah, rancher, spire-server, fscrypt, kaf, rancher-agent, knative-serving, minio, external-dns, telegraf, vitess, cilium, kubernetes, podman, k3s, nerdctl, flux, cloud-provider-aws, helm, mattermost, cert-manager, kots, containerd,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.9 views

GHSA-F5WC-C3C7-36MC vulnerabilities

Vulnerabilities for packages: snyk-cli, pulumi-language-yaml, terragrunt, gomplate, wolfictl, caddy, telegraf, dagger, witness, podman, pulumi-language-java, helm, kots, step-issuer, prometheus, pulumi-language-dotnet, teleport, go-discover, opentofu, gitlab-kas, zot, nerdctl, kubernetes-dashboar...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/26 8:42 a.m.5 views

BIT-GRAFANA-2026-10601 Path traversal in the Tempo and Loki data source plugins

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5115 Grafana Loki Path Traversal - CVE-2021-36156 Bypass in github.com/grafana/loki

Grafana Loki Path Traversal - CVE-2021-36156 Bypass in github.com/grafana/loki...

5.3CVSS5.8AI score0.00409EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/24 2:45 a.m.7 views

SUSE CVE-2026-10601

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/22 7:32 p.m.10 views

CVE-2026-10601

A flaw was found in the Tempo and Loki datasource plugins. A remote attacker with a Viewer role could exploit a path traversal vulnerability by manipulating user-supplied input in URL paths. This could allow the attacker to capture sensitive administrator-configured datasource credentials, invoke...

5.4CVSS5.9AI score0.00258EPSS
Exploits0References4
NVD
NVD
added 2026/06/22 2:17 p.m.11 views

CVE-2026-42129

A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints and read sensitive backend configuration and internal service information...

7.7CVSS0.00394EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 2:16 p.m.13 views

CVE-2026-10601

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS0.00258EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:18 p.m.86 views

CVE-2026-10601

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 1:18 p.m.6 views

CVE-2026-10601 Path traversal in the Tempo and Loki data source plugins

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 1:18 p.m.160 views

CVE-2026-10601

CVE-2026-10601 affects Grafana Tempo and Loki datasource plugins. The root cause is unsanitized user input interpolated into backend HTTP URL paths, enabling path traversal. A Viewer-role user can (1) retrieve admin-configured datasource credentials via an attacker-controlled endpoint, (2) trigge...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 1:18 p.m.34 views

CVE-2026-10601 Path traversal in the Tempo and Loki data source plugins

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS0.00258EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/22 1:18 p.m.5 views

CVE-2026-10601

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0
OSV
OSV
added 2026/06/22 1:18 p.m.3 views

CVE-2026-10601 Path traversal in the Tempo and Loki data source plugins

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:18 p.m.10 views

CVE-2026-42129

A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints and read sensitive backend configuration and internal service information...

7.7CVSS6.1AI score0.00394EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/22 1:18 p.m.7 views

EUVD-2026-38241

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints e.g. /config, /services, /ready to extract sensitive backend configuration and internal...

7.7CVSS5.9AI score0.00394EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 1:18 p.m.7 views

CVE-2026-42129 Path traversal in the Loki data source plugin

A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints and read sensitive backend configuration and internal service information...

7.7CVSS6.1AI score0.00394EPSS
Exploits0References1
Rows per page
Query Builder