CVE-2021-43813 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Directory traversal
Description	A security issue has been found in Grafana before version 8.3.2 through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. The vulnerable URL path is: /api/plugins/./markdown/. for .md files.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2609	grafana	8.3.0-1	8.3.1-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
11 Dec 2021	ASA-202112-11	AVG-2609	grafana	High	directory traversal

References
https://github.com/grafana/grafana/security/advisories/GHSA-c3q8-26ph-9g2q https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/ https://github.com/grafana/grafana/commit/06706efbbe59ad9d3075835cc31e2f734e36df95

References

https://github.com/grafana/grafana/security/advisories/GHSA-c3q8-26ph-9g2q
https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/
https://github.com/grafana/grafana/commit/06706efbbe59ad9d3075835cc31e2f734e36df95