[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-5499":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":33,"vuln_id":49,"name":50,"published":51,"updated":34},5499,{"tool":27,"engine":30},{"id":28,"name":29},1,"Network Scanner",{"id":31,"name":32},3,"OpenVAS",{"id":25,"codename":34,"description":34,"severity":35,"risk_description":36,"public_description":37,"public_recommendation":38,"recommendation":34,"references":39,"cvssv3":42,"epss_score":43,"epss_percentile":44,"cve":45,"in_cisa_catalog":47,"date":48,"software_type":34,"vendor":34,"product":34,"ptt_exploit_capabilities":34},null,"high","Grafana is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: \u003Cgrafana_host_url>/public/plugins/\u003Cplugin-id> where \u003Cplugin-id> is the plugin ID for any installed plugin. Every Grafana instance comes with pre-installed plugins like the Prometheus plugin or MySQL plugin so multiple URLs are vulnerable for every instance. An unauthenticated attacker may read arbitrary files.","Grafana is prone to a directory traversal vulnerability.","Update to version 8.0.7, 8.1.8, 8.2.7, 8.3.1 or later.",[40,41],"https://www.cisa.gov/known-exploited-vulnerabilities-catalog","https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/",7.5,0.94438,0.99988,[46],"CVE-2021-43798",true,"2021-12-07T00:00:00Z","NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.147272","Grafana 8.0.0-beta1 - 8.3.0 Directory Traversal Vulnerability - Version Check","2021-12-08T00:00:00Z"]