What is CVE-2022-32275?

CVE-2022-32275 is a vulnerability in N/a. Published 2022-06-06.

Is CVE-2022-32275 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-32275

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a…

EPSS: 0.674 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

grafana.com (x_refsource_MISC)
github.com/BrotherOfJhonny/grafana/blob/main/README.md (x_refsource_MISC)
github.com/grafana/grafana/issues/50336 (x_refsource_MISC)
github.com/BrotherOfJhonny/grafana (x_refsource_MISC)
security.netapp.com/advisory/ntap-20220715-0008/ (x_refsource_CONFIRM)
github.com/grafana/grafana/issues/50341 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-32275?: CVE-2022-32275 is a vulnerability in N/a. Published 2022-06-06.
Is CVE-2022-32275 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.