CVE-2021-43798 Information
Description
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: <grafana_host_url>/public/plugins//
where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
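A detection sketch for the URL path described above, added here as an example and not taken from the advisory or from Grafana's code. It assumes requests are recorded by a reverse proxy in common access-log format; the log lines, plugin ID and file name are constructed.

```python
import re
from urllib.parse import unquote

PLUGIN_PREFIX = "/public/plugins/"
# Assumption: common/combined access-log layout with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dot segments are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_plugin_traversal(request_target):
    """True if the target is under /public/plugins/ and has a '..' path segment."""
    path = decode_fully(request_target.split("?", 1)[0]).replace("\\", "/")
    if not path.lower().startswith(PLUGIN_PREFIX):
        return False
    return ".." in path[len(PLUGIN_PREFIX):].split("/")

def suspicious_lines(log_lines):
    """Return the log lines whose request target matches the traversal pattern."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and is_plugin_traversal(match.group(1)):
            hits.append(line)
    return hits

# Constructed sample input (documentation IP range, made-up plugin ID and file).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Dec/2021:10:01:02 +0000] "GET /public/plugins/example-plugin/img/logo.svg HTTP/1.1" 200 1024',
    '203.0.113.9 - - [09/Dec/2021:10:01:05 +0000] "GET /public/plugins/example-plugin/../../constructed-file.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Dec/2021:10:01:06 +0000] "GET /public/plugins/example-plugin/%2e%2e/%2e%2e/constructed-file.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Dec/2021:10:01:07 +0000] "GET /public/plugins/example-plugin/%252e%252e/constructed-file.txt HTTP/1.1" 400 0',
    '203.0.113.7 - - [09/Dec/2021:10:01:09 +0000] "GET /public/build/app.js HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in suspicious_lines(SAMPLE_LOG):
        print(hit)
```

A match with a 200 response on an unpatched version is a reason to review which files the Grafana process could read and to rotate any secrets stored in them.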
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p
https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545ce
http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html
https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/
http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html
http://www.openwall.com/lists/oss-security/2021/12/09/2
http://www.openwall.com/lists/oss-security/2021/12/10/4
https://security.netapp.com/advisory/ntap-20211229-0004/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
7.5
Base Severity
HIGH