Описание
An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)
A flaw in the Grafana cortex package could allow a remote attacker to traverse directories on the system caused by improper input validation by the X-Scope-OrgID header value. An attacker could send a specially-crafted URL request containing "dot-dot" sequences (/../) to view some of the contents in the error message.
Отчет
CVE-2021-36157 refers to a directory traversal issue in Grafana Cortex, which is neither shipped in Red Hat Enterprise Linux, nor it has any dependency with Grafana package, hence, not-affected.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rbac-query-proxy-container | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/endpoint-monitoring-rhel8-operator | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/grafana-dashboard-loader-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/metrics-collector-rhel9 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/multicluster-observability-rhel8-operator | Not affected | ||
| Red Hat Enterprise Linux 8 | grafana | Not affected | ||
| Red Hat Enterprise Linux 9 | grafana | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-cluster-monitoring-operator | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)
EPSS
5.3 Medium
CVSS3