Showing 1 - 3 of 3

CVE-2021-43813

Status Candidate

Overview

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.

Related Files

Red Hat Security Advisory 2022-6024-01: Posted Aug 10, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-6024-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 5.2 and Red Hat Enterprise Linux 8.6 and Red Hat Enterprise Linux 9. Issues addressed include a traversal vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2021-40528, CVE-2021-43813, CVE-2022-0670, CVE-2022-1292, CVE-2022-1586, CVE-2022-1785, CVE-2022-1897, CVE-2022-1927, CVE-2022-2068, CVE-2022-2097, CVE-2022-21673, CVE-2022-22576, CVE-2022-25313, CVE-2022-25314; SHA-256 | e52fb3bea97275ad943bc6b64258f5d9ee9ee01ef78ecf3d9c444d899bebb1ef; Download | Favorite | View

Red Hat Security Advisory 2022-5006-01: Posted Jun 19, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2018-25032, CVE-2021-25219, CVE-2021-3634, CVE-2021-3737, CVE-2021-38185, CVE-2021-3981, CVE-2021-4189, CVE-2021-43813, CVE-2022-1154, CVE-2022-1271, CVE-2022-1650, CVE-2022-23772, CVE-2022-23773, CVE-2022-23806, CVE-2022-24675, CVE-2022-24785, CVE-2022-28327, CVE-2022-29224, CVE-2022-29225, CVE-2022-29226, CVE-2022-29228, CVE-2022-31045; SHA-256 | 6f6ba67471416e8a7e06343894cacbc3dcadc86799322067063a37ae1ba3d122; Download | Favorite | View

Red Hat Security Advisory 2022-1781-01: Posted May 11, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1781-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include a traversal vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2021-43813; SHA-256 | c386450a163d13ce56c292e4f66238308d45cd07817f61470be0354dc3b6a339; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2021-43813

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems