cvelist / Mitre / CVELIST:CVE-2021-36156
History: Aug 03, 2021 - 2:12 p.m.

CVE-2021-36156

2021-08-03 14:12:11
mitre
www.cve.org
grafana loki
directory traversal
x-scope-orgid
rules files

EPSS: 0.001 (percentile: 34.8%)

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae …/…/sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message.
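The flaw class described above, shown as an added Go example that is not Loki's own code: an unchecked join of the header value next to a hardened form that validates the tenant ID, confirms the result stays under the rules directory, and returns a generic error that echoes neither path nor file contents. The base directory, the `rules.yaml` file name, the allow-list pattern and all function names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// ErrInvalidTenant is deliberately generic: it carries no path or file contents.
var ErrInvalidTenant = errors.New("invalid tenant ID")

// Assumed allow-list for this example: a single path segment of safe characters.
var tenantRe = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

// unsafeRulesPath mirrors the described flaw: the header value is joined unchecked,
// so dot-dot segments are resolved by Join and can leave the rules directory.
func unsafeRulesPath(base, orgID string) string {
	return filepath.Join(base, orgID, "rules.yaml")
}

// safeRulesPath validates the tenant ID first, then verifies containment under
// base as a second, independent check.
func safeRulesPath(base, orgID string) (string, error) {
	if !tenantRe.MatchString(orgID) {
		return "", ErrInvalidTenant
	}
	root := filepath.Clean(base)
	p := filepath.Join(root, orgID, "rules.yaml")
	rel, err := filepath.Rel(root, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrInvalidTenant
	}
	return p, nil
}

func main() {
	base := "/data/loki/rules" // constructed path, not taken from any deployment
	// Constructed X-Scope-OrgID values: one ordinary, one with traversal segments.
	for _, id := range []string{"tenant-a", "ae/../../sensitive"} {
		fmt.Println("unsafe:", unsafeRulesPath(base, id))
		p, err := safeRulesPath(base, id)
		fmt.Println("safe:  ", p, err)
	}
}
```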
