grafana-7.5.11-2.el8
Errata ID: AXSA:2022-3494:02
Release date:
2022/07/08 Friday - 09:21
Subject:
grafana-7.5.11-2.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Low
Description:
The following issue has been addressed.
[Security Fix]
- grafana has a directory traversal vulnerability for .md files
whose names are entirely lowercase or entirely uppercase.
(CVE-2021-43813)
Solution:
Update the package.
CVE:
CVE-2021-43813
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.
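The two workarounds in the CVE description above (normalizing the request path, URL-encoded forms included, or blocking the markdown endpoint), written as the decision a reverse proxy in front of Grafana would make. This is an added example, not Grafana's code or a vendor-supplied filter; the function names, the limit of two encoding layers, and the treatment of backslashes as separators are assumptions.

```go
// Added example: not Grafana's code and not a vendor-supplied filter.
package main

import (
	"fmt"
	"net/url"
	"path"
	"regexp"
	"strings"
)

// Endpoint pattern quoted in the advisory's blocking workaround.
var markdownAPI = regexp.MustCompile(`^/api/plugins/.*/markdown/.*`)

// decodePath percent-decodes until the value stops changing, so that
// double-encoded separators are resolved before normalization.
// Assumption: more than two encoding layers is rejected outright.
func decodePath(raw string) (string, error) {
	p := raw
	for i := 0; i < 3; i++ {
		d, err := url.PathUnescape(p)
		if err != nil {
			return "", err
		}
		if d == p {
			return p, nil
		}
		p = d
	}
	return "", fmt.Errorf("too many encoding layers")
}

// Decide returns the normalized path to forward upstream and whether the
// request may be forwarded at all. rawPath is the path without the query.
func Decide(rawPath string, blockMarkdown bool) (string, bool) {
	p, err := decodePath(rawPath)
	if err != nil || !strings.HasPrefix(p, "/") {
		return "", false
	}
	// Assumption: backslashes are treated as separators too.
	clean := path.Clean(strings.ReplaceAll(p, `\`, "/"))
	if blockMarkdown && markdownAPI.MatchString(clean) {
		return "", false
	}
	return clean, true
}

func main() {
	// Constructed sample request path.
	fmt.Println(Decide("/api/plugins/example/markdown/%2e%2e/help", true))
}
```

The returned path is decoded, so a proxy built around this check has to re-escape it before forwarding the request upstream.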
Additional information:
N/A
Download:
SRPMS
- grafana-7.5.11-2.el8.src.rpm
MD5: 319d3f1aba835f71acbd5a367fc803b6
SHA-256: fda08526046cfc5212e94cf861cc9aa12c59ad8de5366b19de00e9f9f8beb5c9
Size: 116.73 MB
Asianux Server 8 for x86_64
- grafana-7.5.11-2.el8.x86_64.rpm
MD5: c30cfcb772f88cbdb97597f462d9a039
SHA-256: 777ade7f707eef85f02f9a1f535a990e12d724351629ba51093b700db09c7b12
Size: 40.00 MB