// For flags

CVE-2021-31231

 

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.

Alertmanager en Grafana Enterprise Metrics versiones anteriores a 1.2.1 y Metrics Enterprise versión1.2.1, presenta una vulnerabilidad de divulgación de archivos locales cuando es usado experimental.alertmanager.enable-api. El archivo de contraseña de autenticación básica HTTP se puede usar como un vector de ataque para enviar cualquier contenido de archivo por medio de un webhook. Las plantillas de alertmanager pueden ser usado como vector de ataque para enviar cualquier contenido de archivo porque alertmanager puede cargar cualquier archivo de texto especificado en la lista de plantillas.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-04-15 CVE Reserved
  • 2021-04-30 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Grafana
Search vendor "Grafana"
Enterprise Metrics
Search vendor "Grafana" for product "Enterprise Metrics"
< 1.2.1
Search vendor "Grafana" for product "Enterprise Metrics" and version " < 1.2.1"
-
Affected
Grafana
Search vendor "Grafana"
Enterprise Metrics
Search vendor "Grafana" for product "Enterprise Metrics"
< 1.2.1
Search vendor "Grafana" for product "Enterprise Metrics" and version " < 1.2.1"
enterprise
Affected