Grafana 8.0.0-beta1 - 8.3.0 Directory Traversal Vulnerability - Active Check CVE-2021-43798

Severity
CVSSv3 Score: 7.5
Vulnerability description

Grafana is prone to a directory traversal vulnerability.

Risk description

Grafana is vulnerable to directory traversal, which allows access to local files. The vulnerable URL path is /public/plugins/ followed by the plugin ID of any installed plugin. Every Grafana instance comes with pre-installed plugins, such as the Prometheus plugin or the MySQL plugin, so multiple URLs are vulnerable on every instance. An unauthenticated attacker may read arbitrary files.

Recommendation

Update to version 8.0.7, 8.1.8, 8.2.7, 8.3.1 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Dec 7, 2021
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available