Back to bug 2183161
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-03-30 13:26:04 UTC | CC | gparvin, grafana-maint, jcantril, jkurik, jwendell, nathans, njean, owatkins, pahickey, periklis, rcernich, scox, stcannon, teagle, twalsh | |
| Avinash Hanwate | 2023-03-30 13:27:16 UTC | Depends On | 2183163 | |
| Avinash Hanwate | 2023-03-30 13:28:21 UTC | CC | dfreiber, jburrell, rogbas, vkumar | |
| Doc Text | A flaw was found in the Grafana Loki. Grafana Loki could allow a remote attacker to traverse directories on the system, caused by improper input validation by the X-Scope-OrgID header value. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view some of the contents in the error message. | |||
| Avinash Hanwate | 2023-03-30 13:29:33 UTC | Depends On | 2183165 | |
| Sandipan Roy | 2023-03-30 13:54:25 UTC | Depends On | 2183176 | |
| RaTasha Tillery-Smith | 2023-03-30 14:48:37 UTC | Doc Text | A flaw was found in the Grafana Loki. Grafana Loki could allow a remote attacker to traverse directories on the system, caused by improper input validation by the X-Scope-OrgID header value. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view some of the contents in the error message. | A flaw was found in Grafana Loki that could allow a remote attacker to traverse directories on the system, caused by improper input validation by the X-Scope-OrgID header value. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view some of the contents in the error message. |
| Red Hat Bugzilla | 2023-07-07 08:33:02 UTC | Assignee | security-response-team | nobody |
Back to bug 2183161