Back to bug 2030422

Who When What Removed Added
Guilherme de Almeida Suckevicz 2021-12-08 18:13:41 UTC Blocks 2030423
Stefan Heijmans 2021-12-09 08:04:09 UTC CC s.heijmans
Przemyslaw Roguski 2021-12-09 13:07:47 UTC Fixed In Version grafana 8.3.1, grafana 8.2.7, grafana 8.1.8, grafana 8.0.7
Przemyslaw Roguski 2021-12-09 13:20:08 UTC Doc Text A directory path traversal vulnerability has been found in Grafana. Due to lack of the path normalization in the /public/plugins// URL, an attacker might be able to get read access to the local files.
Hardik Vyas 2021-12-09 13:33:52 UTC Comment 1 updated
RaTasha Tillery-Smith 2021-12-09 17:34:11 UTC Doc Text A directory path traversal vulnerability has been found in Grafana. Due to lack of the path normalization in the /public/plugins// URL, an attacker might be able to get read access to the local files. A directory path traversal vulnerability was found in Grafana. This flaw allows an attacker to obtain read access to the local files due to a lack of path normalization in the /public/plugins// URL.
Borja Tarraso 2021-12-14 07:02:14 UTC Depends On 2032145
Red Hat Bugzilla 2022-01-08 05:32:00 UTC CC jokerman
Red Hat Bugzilla 2022-03-10 13:36:07 UTC CC mgoodwin
Red Hat Bugzilla 2022-06-30 23:03:11 UTC CC erooth
Red Hat Bugzilla 2022-08-12 04:30:46 UTC CC amuller
Stefan Heijmans 2022-12-05 12:32:38 UTC CC s.heijmans
Red Hat Bugzilla 2023-01-01 05:32:27 UTC CC amctagga
Red Hat Bugzilla 2023-01-01 05:47:16 UTC CC flucifre
Red Hat Bugzilla 2023-01-01 05:52:30 UTC CC mhackett
Red Hat Bugzilla 2023-01-01 06:02:23 UTC CC bniver
Red Hat Bugzilla 2023-01-01 08:34:48 UTC CC mbenjamin
Red Hat Bugzilla 2023-01-01 08:44:02 UTC CC sostapov
Red Hat Bugzilla 2023-01-01 08:48:30 UTC CC vereddy
Alasdair Kergon 2023-01-04 05:43:50 UTC CC sostapov
Alasdair Kergon 2023-01-04 06:11:25 UTC CC bniver
Alasdair Kergon 2023-01-04 06:23:48 UTC CC mbenjamin
Alasdair Kergon 2023-01-04 06:43:51 UTC CC flucifre
Alasdair Kergon 2023-01-04 06:59:12 UTC CC vereddy
Alasdair Kergon 2023-01-04 11:29:24 UTC CC mhackett
Red Hat Bugzilla 2023-07-07 08:33:06 UTC Assignee security-response-team nobody

Back to bug 2030422