Vulnerabilities (CVE)

Filtered by vendor Grafana Subscribe
Filtered by product Loki
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-36156 1 Grafana 1 Loki 2021-09-14 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message.