{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-03T14:03:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://grafana.com/docs/grafana/latest/release-notes/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/cortexproject/cortex/pull/4375"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-36157", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://grafana.com/docs/grafana/latest/release-notes/", "refsource": "MISC", "url": "https://grafana.com/docs/grafana/latest/release-notes/"}, {"name": "https://github.com/cortexproject/cortex/pull/4375", "refsource": "MISC", "url": "https://github.com/cortexproject/cortex/pull/4375"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-36157", "datePublished": "2021-08-03T14:03:49", "dateReserved": "2021-07-05T00:00:00", "dateUpdated": "2021-08-03T14:03:49", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:cortex:*:*:*:*:*:*:*:*", "matchCriteriaId": "E141A48F-DD44-491F-BBBB-70B4945A0A0A", "versionEndIncluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)"}, {"lang": "es", "value": "Se ha detectado un problema en Grafana Cortex versiones hasta 1.9.0. El valor del encabezado X-Scope-OrgID es usado para dise\u00f1ar rutas de archivos para los archivos de reglas, y si se dise\u00f1a para realizar un salto de directorio tal y como ae ../../sensitive/path/in/deployment pathname, Cortex intentar\u00e1 analizar un archivo de reglas en esa ubicaci\u00f3n e incluir\u00e1 parte del contenido en el mensaje de error. (Otras peticiones de la API de Cortex tambi\u00e9n pueden ser enviados un encabezado OrgID malicioso, por ejemplo, enga\u00f1ando al ingester para que escriba las m\u00e9tricas en una ubicaci\u00f3n diferente, pero el efecto es de molestia m\u00e1s que de revelaci\u00f3n de informaci\u00f3n)"}], "id": "CVE-2021-36157", "lastModified": "2021-08-11T17:23:03.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-03T15:15:08.667", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/cortexproject/cortex/pull/4375"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://grafana.com/docs/grafana/latest/release-notes/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}