Vulnerability feed

Vulnerability

CVE-2022-32275

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-32275
Description:: Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content
Last updated date:: 08/03/2024

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/14/2022
Reference url to background: https://github.com/BrotherOfJhonny/grafana

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/14/2022
Reference url to background: https://github.com/BrotherOfJhonny/grafana/blob/main/README.md

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/09/2022
Reference url to background: https://github.com/grafana/grafana/issues/50336

Vulnerability Feed Contributors About Blog

@inTheWild

©2025 |