Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Grafana 路径遍历漏洞
Vulnerability Description
Grafana是Grafana实验室的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana Loki 2.2.1及之前版本存在安全漏洞,该漏洞源于标头值 X-Scope-OrgID 用于构建规则文件的文件路径。
CVSS Information
N/A
Vulnerability Type
N/A