Unrated severityNVD Advisory· Published Apr 30, 2021· Updated Aug 3, 2024
CVE-2021-31231
CVE-2021-31231
Description
The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Grafana Enterprise/Metricsdescription
- Range: <1.2.1
Patches
Vulnerability mechanics
References
5- community.grafana.com/c/security-announcementsmitrex_refsource_MISC
- grafana.com/docs/metrics-enterprise/mitrex_refsource_MISC
- grafana.com/docs/metrics-enterprise/latest/downloads/mitrex_refsource_MISC
- grafana.com/docs/metrics-enterprise/latest/downloads/mitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20210611-0001/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.