alphahsl's comments

alphahsl | 4 years ago | on: An update on 0day CVE-2021-43798: Grafana directory traversal

I should clarify that “inadvertently” is the key word here. The 0day happened because of a number of factors detailed in the post, and it isn’t the fault of any one person.

alphahsl | 4 years ago | on: An update on 0day CVE-2021-43798: Grafana directory traversal

> Customers get a week to upgrade under strict embargo

Seems that they can enforce an embargo with their private customers so that it won't become a 0day.

It became a 0day because the security researcher inadvertently kicked off public discussion.

page 1