CVE-2022-32275
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-32275
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32275.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-32275
- Aliases
- Published
- 2022-06-06T19:15:09Z
- Modified
- 2024-11-21T07:06:05Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content
- Database specific
{ "isDisputed": true }- References
-
- https://github.com/BrotherOfJhonny/grafana
- https://github.com/BrotherOfJhonny/grafana/blob/main/README.md
- https://github.com/grafana/grafana/issues/50336
- https://github.com/grafana/grafana/issues/50341#issuecomment-1155252393
- https://grafana.com
- https://security.netapp.com/advisory/ntap-20220715-0008/