Source: vulnrichment (Mitre), ID VULNRICHMENT:CVE-2022-32275
History: Jun 06, 2022 - 6:29 p.m.

CVE-2022-32275

2022-06-06 18:29:07
mitre
github.com
6
grafana
file reading
vulnerability

AI Score: 6.7 (Confidence: Low)

EPSS: 0.003 (Percentile: 69.7%)

SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor’/… /… /… /… /… /… /… /… /etc/passwd URI. NOTE: the vendor’s position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:grafana:grafana:-:*:*:*:enterprise:*:*:*"
    ],
    "vendor": "grafana",
    "product": "grafana",
    "versions": [
      {
        "status": "affected",
        "version": "8.4.3"
      }
    ],
    "defaultStatus": "unknown"
  }
]
