Grafana 8.0.0-beta3 - 8.3.1 Directory Traversal Vulnerability CVE-2021-43815
- CVSSv3 Score
- Vulnerability description
Grafana is prone to a directory traversal vulnerability for .csv files.
- Risk description
Grafana has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only.
Update to version 8.3.2 or later.
- Not available