DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2021-36156

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-36156

CGA ID

CGA-75gr-qh26-9397

Severity

5.3

Medium

CVSS V3

Description

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message.

References

  • https://images.chainguard.dev/security/CGA-75gr-qh26-9397

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images