CVE-2021-43815 log

Source
Severity Medium
Remote Yes
Type Directory traversal
Description
A security issue has been found in Grafana 8 before version 8.3.2 through which authenticated users could read out arbitrary .csv files through directory traversal. The vulnerable URL path is: /api/ds/query.
Group Package Affected Fixed Severity Status Ticket
AVG-2609 grafana 8.3.0-1 8.3.1-1 High Fixed
Date Advisory Group Package Severity Type
11 Dec 2021 ASA-202112-11 AVG-2609 grafana High directory traversal
References
https://github.com/grafana/grafana/security/advisories/GHSA-7533-c8qv-jm9m
https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/
https://github.com/grafana/grafana/commit/1d7105c0959df2083814237024f7ec098a76099b