CVE-2022-32275
Summary
| CVE | CVE-2022-32275 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-06-06 19:15:00 UTC |
| Updated | 2023-11-07 03:47:00 UTC |
| Description | ** DISPUTED ** Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Menu on left side displayed with 404 error page instead of login redirect · Issue #50341 · grafana/grafana · GitHub | MISC | github.com | |
| CVE-2022-32275 Grafana Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| Menus displayed even though user is not authenticated · Issue #50336 · grafana/grafana · GitHub | MISC | github.com | |
| grafana/README.md at main · BrotherOfJhonny/grafana · GitHub | MISC | github.com | |
| GitHub - BrotherOfJhonny/grafana: grafana 8.4.3 (b7d2911ca) | MISC | github.com | |
| Grafana: The open observability platform | Grafana Labs | MISC | grafana.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 730517 Grafana Unauthenticated File Read Vulnerability