Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content
References
Link | Resource |
---|---|
https://github.com/BrotherOfJhonny/grafana | Exploit Third Party Advisory |
https://github.com/BrotherOfJhonny/grafana/blob/main/README.md | Exploit Third Party Advisory |
https://github.com/grafana/grafana/issues/50336 | Exploit Issue Tracking Third Party Advisory |
https://github.com/grafana/grafana/issues/50341#issuecomment-1155252393 | Third Party Advisory |
https://grafana.com | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20220715-0008/ | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:47
Type | Values Removed | Values Added |
---|---|---|
Summary | Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content |
09 Dec 2022, 16:06
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/grafana/grafana/issues/50336 - Exploit, Issue Tracking, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220715-0008/ - Third Party Advisory | |
References | (MISC) https://github.com/grafana/grafana/issues/50341#issuecomment-1155252393 - Third Party Advisory |
08 Sep 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | ** DISPUTED ** Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content. |
15 Jul 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (MISC) https://grafana.com - Vendor Advisory | |
References | (MISC) https://github.com/BrotherOfJhonny/grafana/blob/main/README.md - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/BrotherOfJhonny/grafana - Exploit, Third Party Advisory | |
CWE | CWE-22 | |
CPE | cpe:2.3:a:grafana:grafana:8.4.3:*:*:*:*:*:*:* | |
First Time |
Grafana
Grafana grafana |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
09 Jun 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-06 19:15
Updated : 2024-03-21 02:43
NVD link : CVE-2022-32275
Mitre link : CVE-2022-32275
CVE.ORG link : CVE-2022-32275
JSON object : View
Products Affected
grafana
- grafana
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')