** DISPUTED ** Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor’/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor’s position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content. (CVSS:5.0) (Last Update:2022-09-08)Latest security vulnerabilities (Directory Traversal) (CVSS score >= 4) 


More To Explore

Do You Want To Secure Your Business?

drop us a line and keep in touch

Cyber Security Automation
Generated by Feedzy