2022-06-06 18:29:07
mitre
PUBLISHED
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendors position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content