VYPR
Moderate severityNVD Advisory· Published Aug 3, 2021· Updated Aug 4, 2024

CVE-2021-36156

CVE-2021-36156

Description

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/grafana/lokiGo
< 2.3.02.3.0

Affected products

6

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.