cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-36157,https://securityvulnerability.io/vulnerability/CVE-2021-36157,,"An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)",Linux,Cortex,5.3,MEDIUM,0.001120000029914081,false,,false,false,false,,,false,false,,2021-08-03T14:03:49.000Z,0
CVE-2021-31232,https://securityvulnerability.io/vulnerability/CVE-2021-31232,,The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.,Linux,Cortex,5.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-04-30T12:46:32.000Z,0