Description
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI.
Remediation
References