AI Score Confidence: Low
EPSS Percentile: 69.7%
SSVC Exploitation: poc
SSVC Automatable: yes
SSVC Technical Impact: partial
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor’/… /… /… /… /… /… /… /… /etc/passwd URI. NOTE: the vendor’s position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content.
[
{
"cpes": [
"cpe:2.3:a:grafana:grafana:-:*:*:*:enterprise:*:*:*"
],
"vendor": "grafana",
"product": "grafana",
"versions": [
{
"status": "affected",
"version": "8.4.3"
}
],
"defaultStatus": "unknown"
}
]