Search
Search Results (4 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21729 | 1 Grafana | 1 Loki | 2026-07-16 | 7.5 High |
| Loki queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. | ||||
| CVE-2026-42129 | 1 Grafana | 2 Grafana, Loki Datasource | 2026-07-10 | 7.7 High |
| A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints and read sensitive backend configuration and internal service information. | ||||
| CVE-2026-21726 | 1 Grafana | 1 Loki | 2026-04-24 | 5.3 Medium |
| The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace} Thanks to Prasanth Sundararajan for reporting this vulnerability. | ||||
| CVE-2021-36156 | 1 Grafana | 1 Loki | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message. | ||||
Page 1 of 1.