CVE-2021-43813

Source
Severity: Medium
Remote: Yes
Type: Directory traversal
Description
A security issue has been found in Grafana before version 8.3.2 through which authenticated users could use directory traversal to read .md files whose names are fully lowercase or fully uppercase. The vulnerable URL path is: /api/plugins/.*/markdown/.* for .md files.
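| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2609 | grafana | 8.3.0-1 | 8.3.1-1 | High | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 11 Dec 2021 | ASA-202112-11 | AVG-2609 | grafana | High | directory traversal |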
References
https://github.com/grafana/grafana/security/advisories/GHSA-c3q8-26ph-9g2q
https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/
https://github.com/grafana/grafana/commit/06706efbbe59ad9d3075835cc31e2f734e36df95