CVE-2021-36157 Information

Description

An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header e.g. tricking the ingester into writing metrics to a different location but the effect is nuisance rather than information disclosure.)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://github.com/cortexproject/cortex/pull/4375 https://grafana.com/docs/grafana/latest/release-notes/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3