Vulnerabilities (CVE)

Filtered by vendor Grafana Subscribe
Filtered by product Enterprise Metrics
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-31231 1 Grafana 1 Enterprise Metrics 2021-06-11 2.1 LOW 5.5 MEDIUM
The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.