BrotherOfJhonny/grafana

Releases: 0
Stars: 29
grafana 8.4.3 (b7d2911ca)

CVE History

CVE | Published | CVSS v3 | CVSS v2

CVSS v3: 7.5 HIGH, CVSS v2: 5 MEDIUM

Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability.

CVSS v3: 7.5 HIGH, CVSS v2: 5 MEDIUM

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content.