CVSS3: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
github.com/grafana/grafana is vulnerable to path traversal. The vulnerability exists in the pluginMarkdown function in plugins.go, allowing an authenticated attacker to access fully lowercase or fully uppercase ‘.md’ files outside the expected directory.
www.openwall.com/lists/oss-security/2021/12/10/4
github.com/github/securitylab-vulnerabilities/commit/689fc5d9fd665be4d5bba200a6a433b532172d0f
github.com/grafana/grafana/commit/d6ec6f8ad28f0212e584406730f939105ff6c6d3
github.com/grafana/grafana/commit/fd48aee61e4328aae8d5303a9efd045fa0ca308d
github.com/grafana/grafana/pull/42979
github.com/grafana/grafana/releases/tag/v8.3.2
github.com/grafana/grafana/security/advisories/GHSA-c3q8-26ph-9g2q
grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/
grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-12/
grafana.com/docs/grafana/latest/release-notes/release-notes-8-3-2/
security.netapp.com/advisory/ntap-20220107-0006/