FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a994ff7d-5b3f-11ec-8398-6c3be5272acdGrafana -- Directory Traversal

GitHub Security Labs reports:

A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrary .csv files through directory traversal. Thanks to our defense-in-depth approach, at no time has Grafana Cloud been vulnerable.

The vulnerable URL path is: /api/plugins/.*/markdown/.* for .md files


Discovery 2021-12-09
Entry 2021-12-12
grafana
ge 5.0.0 lt 7.5.12

ge 8.0.0 lt 8.3.2

grafana6
ge 6.0.0

grafana7
ge 7.0.0 lt 7.5.12

grafana8
ge 8.0.0 lt 8.3.2

CVE-2021-43813
https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/