DirectorySecurity Advisories
Sign In
Security Advisories

CGA-75gr-qh26-9397

Published

Last updated

https://images.chainguard.dev/security/CGA-75gr-qh26-9397
Package

grafana-8

Latest Update
Fix not planned
Aliases
  • CVE-2021-36156
  • GHSA-grj5-8x6q-hc9q

Severity

5.3

Medium

CVSS V3

Summary

Path traversal in Grafana Loki

Description

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation