
20 matches found

Github Security Blog
added 2026/04/15 9:30 p.m., 8 views

Grafana Loki Path Traversal - CVE-2021-36156 Bypass

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode. By double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace. Thanks to Prasanth Sundararajan for reporting this vulnerability...

CVSS 5.3, AI score 5.8, EPSS 0.01489
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/04/15 9:30 p.m., 6 views

GHSA-497X-RRR9-68JP Grafana Loki Path Traversal - CVE-2021-36156 Bypass

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode. By double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace. Thanks to Prasanth Sundararajan for reporting this vulnerability...

CVSS 5.3, AI score 5.8, EPSS 0.00409
Exploits: 0, References: 3
CNNVD
added 2026/04/15 12:0 a.m., 9 views

Grafana Loki Security Vulnerability

Grafana Loki is an open-source log aggregation system developed by Grafana. There is a security vulnerability in Grafana Loki, which stems from insufficient validation of path traversal sequences. This vulnerability could allow attackers to read Ruler API endpoint files through double-encryption...

CVSS 5.3, AI score 5.8, EPSS 0.00409
Exploits: 0, References: 1
Grafana
added 2026/01/26 12:0 a.m., 9 views

Grafana Loki Path Traversal - CVE-2021-36156 Bypass

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode. By double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace. Thanks to Prasanth Sundararajan for reporting this vulnerability...

CVSS 5.3, AI score 6, EPSS 0.01489
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2021-2065

Malware in sbrugna...

CVSS 5.3, AI score 5.3, EPSS 0.01489
Exploits: 0, References: 8
RedHat Linux
added 2023/06/28 3:42 p.m., 43 views

Important: Red Hat Security Advisory: Network observability 1.3.0 for Openshift

Network Observability 1.3.0 for OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Reference...

CVSS 9.8, AI score 6.7, EPSS 0.01548
Exploits: 0, References: 19
RedHat Linux
added 2023/04/18 1:1 a.m., 47 views

Moderate: Red Hat Security Advisory: Network observability 1.2.0 for Openshift

Network Observability 1.2.0 for OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

CVSS 7.5, AI score 6.7, EPSS 0.05623
Exploits: 0, References: 20
RedhatCVE
added 2023/03/30 1:43 p.m., 42 views

CVE-2021-36156

A flaw was found in Grafana Loki that could allow a remote attacker to traverse directories on the system, caused by improper input validation by the X-Scope-OrgID header value. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view some of the contents...

CVSS 5.3, AI score 5.2, EPSS 0.01489
Exploits: 0, References: 4
Spring Security Advisories
added 2023/03/28 12:0 a.m., 10 views

This Week in Spring - March 28th, 202

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm reporting to you from Los Angeles, where my family and I have gone for my daughter's spring break. We're going to survey some prospective colleges and we're going to Disneyland. Needless to say, I'm doubly glad to have al...

AI score 6.4
Exploits: 0
RedHat Linux
added 2023/02/15 11:41 a.m., 94 views

Important: Red Hat Security Advisory: Network observability 1.1.0 security update

Network observability 1.1.0 release for OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5, AI score 7.1, EPSS 0.00854
Exploits: 0, References: 2
SUSE CVE
added 2023/02/15 3:39 a.m., 1 views

SUSE CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

CVSS 5.3, AI score 5.3, EPSS 0.01489
Exploits: 0, References: 3
OSV
added 2021/09/02 10:0 p.m., 22 views

GHSA-GRJ5-8X6Q-HC9Q Path traversal in Grafana Loki

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

CVSS 5.3, AI score 5, EPSS 0.01489
Exploits: 0, References: 5
Github Security Blog
added 2021/09/02 10:0 p.m., 48 views

Path traversal in Grafana Loki

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

CVSS 5.3, AI score 5.4, EPSS 0.01489
Exploits: 0, References: 5, Affected Software: 1
ArchLinux
added 2021/08/10 12:0 a.m., 128 views

[ASA-202108-12] loki: directory traversal

Arch Linux Security Advisory ASA-202108-12 ========================================== Severity: Medium Date : 2021-08-10 CVE-ID : CVE-2021-36156 Package : loki Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-2250 Summary ======= The package loki before version...

CVSS 5.3, AI score 1.2, EPSS 0.01489
Exploits: 0, References: 4
NVD
added 2021/08/03 3:15 p.m., 12 views

CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

CVSS 5.3, EPSS 0.01489
Exploits: 0, References: 2
OSV
added 2021/08/03 3:15 p.m., 19 views

CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

CVSS 5.3, AI score 6.6
Exploits: 0, References: 2
Prion
added 2021/08/03 3:15 p.m., 18 views

Directory traversal

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

CVSS 5, AI score 5.2, EPSS 0.01489
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/08/03 2:12 p.m., 17 views

CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

AI score 5.5, EPSS 0.01489
Exploits: 0, References: 2
Positive Technologies
added 2021/08/03 12:0 a.m., 2 views

PT-2021-21144

Name of the Vulnerable Software and Affected Versions: Grafana Loki versions through 2.2.1 Description: An issue was discovered where the header value X-Scope-OrgID is used to construct file paths for rules files. If this value is crafted to conduct directory traversal, such as...

CVSS 5.3, AI score 6, EPSS 0.01489
Exploits: 0, References: 9
CNNVD
added 2021/08/03 12:0 a.m., 6 views

Grafana Path Traversal Vulnerability

Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana Loki 2.2.1 and earlier versions, which stem...

CVSS 5.3, AI score 5.6, EPSS 0.01489
Exploits: 0, References: 4