Unrated severityNVD Advisory· Published Jun 6, 2022· Updated Aug 3, 2024
CVE-2022-32275
CVE-2022-32275
Description
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
5- github.com/BrotherOfJhonny/grafana/blob/main/README.mdmitrex_refsource_MISC
- github.com/grafana/grafana/issues/50336mitrex_refsource_MISC
- github.com/grafana/grafana/issues/50341mitrex_refsource_MISC
- grafana.commitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20220715-0008/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.