VDB

RHSA-2022%3A6024

RHSA-2022%3A6024 PUBLISHED CVSS 4.300000190734863 MEDIUM

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
Red Hatrhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64 as a component of Red Hat Ceph Storage 5.2 Toolsrhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64
Red Hatrhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64 as a component of Red Hat Ceph Storage 5.2 Toolsrhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64
Red Hatrhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x as a component of Red Hat Ceph Storage 5.2 Toolsrhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x
Red Hatrhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64 as a component of Red Hat Ceph Storage 5.2 Toolsrhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64
Red Hatrhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le as a component of Red Hat Ceph Storage 5.2 Toolsrhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le
Red Hatrhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x as a component of Red Hat Ceph Storage 5.2 Toolsrhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x
Red Hatrhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le as a component of Red Hat Ceph Storage 5.2 Toolsrhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le
Red Hatrhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le as a component of Red Hat Ceph Storage 5.2 Toolsrhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le
Red Hatrhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x as a component of Red Hat Ceph Storage 5.2 Tools*
Red Hatrhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le as a component of Red Hat Ceph Storage 5.2 Toolsrhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le
Red Hatrhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64 as a component of Red Hat Ceph Storage 5.2 Toolsrhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64
Red Hatrhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x as a component of Red Hat Ceph Storage 5.2 Toolsrhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x
Red Hatrhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64 as a component of Red Hat Ceph Storage 5.2 Tools*
Red Hatrhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le as a component of Red Hat Ceph Storage 5.2 Toolsrhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le
Red Hatrhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x as a component of Red Hat Ceph Storage 5.2 Tools*

Timeline

  • Aug 9, 2022 CVE Published
  • Mar 21, 2026 CVE Updated
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›