Vulnerability Details : CVE-2021-43798
Public exploit exists!
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
Vulnerability category: Directory traversal
Products affected by CVE-2021-43798
- cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
- cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
- cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
- cpe:2.3:a:grafana:grafana:8.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:grafana:grafana:8.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:grafana:grafana:8.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:grafana:grafana:8.3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-43798
94.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2021-43798
-
Grafana Plugin Path Traversal
Disclosure Date: 2021-12-02First seen: 2022-12-23auxiliary/scanner/http/grafana_plugin_traversalGrafana versions 8.0.0-beta1 through 8.3.0 prior to 8.0.7, 8.1.8, 8.2.7, or 8.3.1 are vulnerable to directory traversal through the plugin URL. A valid plugin ID is required, but many are installed by default. Authors: - h00die - jordyv
CVSS scores for CVE-2021-43798
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
GitHub, Inc. |
CWE ids for CVE-2021-43798
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: security-advisories@github.com (Primary)
References for CVE-2021-43798
-
http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html
Grafana 8.3.0 Directory Traversal / Arbitrary File Read ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545ce
Security: Fix directory traversal issue (#42846) · grafana/grafana@c798c0e · GitHubPatch;Third Party Advisory
-
https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/
An update on 0day CVE-2021-43798: Grafana directory traversal | Grafana LabsVendor Advisory
-
https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p
Grafana path traversal · Advisory · grafana/grafana · GitHubPatch;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2021/12/09/2
oss-security - CVE-2021-43798 Grafana directory traversalMailing List;Patch;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20211229-0004/
December 2021 Grafana Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html
Grafana Arbitrary File Reading ≈ Packet StormThird Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2021/12/10/4
oss-security - CVE-2021-43813 and CVE-2021-43815 - Grafana directory traversal for some .md and .csv filesMailing List;Patch;Third Party Advisory
Jump to