Количество 11
Количество 11
CVE-2021-43815
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.
CVE-2021-43815
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.
CVE-2021-43815
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.
CVE-2021-43815
Grafana is an open-source platform for monitoring and observability. G ...
GHSA-7533-c8qv-jm9m
Grafana directory traversal for .cvs files
SUSE-SU-2024:0487-1
Security update for SUSE Manager Client Tools
SUSE-SU-2022:4437-1
Security update for SUSE Manager Client Tools
SUSE-SU-2022:4428-1
Security update for grafana
SUSE-SU-2022:1396-1
Security update for SUSE Manager Client Tools
SUSE-FU-2022:1419-1
Feature update for grafana
SUSE-SU-2022:2134-1
Security update for SUSE Manager Client Tools
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-43815 Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. | CVSS3: 4.3 | 1% Низкий | около 4 лет назад |
 | CVE-2021-43815 Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. | CVSS3: 4.3 | 1% Низкий | около 4 лет назад |
 | CVE-2021-43815 Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. | CVSS3: 4.3 | 1% Низкий | около 4 лет назад |
| CVE-2021-43815 Grafana is an open-source platform for monitoring and observability. G ... | CVSS3: 4.3 | 1% Низкий | около 4 лет назад |
| GHSA-7533-c8qv-jm9m Grafana directory traversal for .cvs files | CVSS3: 4.3 | 1% Низкий | больше 1 года назад |
 | SUSE-SU-2024:0487-1 Security update for SUSE Manager Client Tools | почти 2 года назад | ||
| SUSE-SU-2022:4437-1 Security update for SUSE Manager Client Tools | около 3 лет назад | ||
| SUSE-SU-2022:4428-1 Security update for grafana | около 3 лет назад | ||
| SUSE-SU-2022:1396-1 Security update for SUSE Manager Client Tools | больше 3 лет назад | ||
| SUSE-FU-2022:1419-1 Feature update for grafana | больше 3 лет назад | ||
| SUSE-SU-2022:2134-1 Security update for SUSE Manager Client Tools | больше 3 лет назад |
Уязвимостей на страницу