| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Directory traversal |
|
| Description |
| + |
A security issue has been found in Grafana before version 8.3.2 through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. The vulnerable URL path is: /api/plugins/.*/markdown/.* for .md files. |
|
| References |
| + |
https://github.com/grafana/grafana/security/advisories/GHSA-c3q8-26ph-9g2q |
| + |
https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/ |
| + |
https://github.com/grafana/grafana/commit/06706efbbe59ad9d3075835cc31e2f734e36df95 |
|
| Notes |
|