vulnerability
FreeBSD: VID-a994ff7d-5b3f-11ec-8398-6c3be5272acd (CVE-2021-43813): Grafana -- Directory Traversal
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Dec 12, 2021 | Nov 4, 2022 | Dec 10, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Dec 12, 2021
Added
Nov 4, 2022
Modified
Dec 10, 2025
Description
GitHub Security Labs reports: A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrary .csv files through directory traversal. Thanks to our defense-in-depth approach, at no time has Grafana Cloud been vulnerable. The vulnerable URL path is: /api/plugins/.*/markdown/.* for .md files
Solutions
freebsd-upgrade-package-grafanafreebsd-upgrade-package-grafana6freebsd-upgrade-package-grafana7freebsd-upgrade-package-grafana8
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.