ALT Linux Team

Package loki update in p10 on 2022-09-08

ALT-PU-2022-2584-1

Package loki updated to version 2.6.1-alt2 for branch p10 in task 306122.

Closed vulnerabilities

Published: 2021-08-03
Modified: 2024-11-21

CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top