M@Tr1XPdB

Results: 10 comments by M@Tr1XPdB

The failure is not a path traversal, but a session control failure. When the traversal path is explored, the authentication system redirects to an internal system page that should only...

I apologize if I'm not being clear and explaining. Don't just stick to the 404 message, if you look at the images you can see that that area of the...

In the right corner are the system menus that are only listed for users after validating the data in the login form. ![image](https://user-images.githubusercontent.com/28454566/172412830-6409b79e-e9eb-4aff-8231-44a4f4574db2.png) In the image below it is showing...

I agree with you that it is not an LFI or path traversal, but as you said it is a flaw, because even without a valid session these features should...

As for the response from the Grafana team, I have the history of all the team's responses. The fact that there is a flaw, I'm not saying it's serious, I'm...

Please don't take it personally, what I'm trying to do is just demonstrate a system failure. If this flaw you treat as a bug or vulnerability it doesn't matter the...

I understand your point of view, but on the other hand, as you can see in the history, others may understand it as a vulnerability, even OWASP itself defines this type...

> > I understand your point of view, but on the other hand, as you can see in the history, others may understand this as a vulnerability, even OWASP itself defines...

I really understand the impact that a CVE can have on the business and the credibility of the system, but I can see that we have different views of security...

Just for information, the failure pointed out generated task 53051 (https://github.com/grafana/grafana/pull/53051), which was completed by the Grafana team and ended on 08/01/2022.