CVE-2021-43798 Scanner
Detects the 'Path Traversal' vulnerability in Grafana, affecting versions 8.0.0-beta1 through 8.3.0.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 768 sec
Scan only one: Url
Toolbox: -
Grafana is an open-source platform widely used for monitoring and observability. It combines data from various sources, including Prometheus, Elasticsearch, InfluxDB, and others, to provide real-time analysis and visualization of system performance. Grafana provides an intuitive, customizable, and easy-to-use interface that can track, analyze, and alert on system-wide issues. With its advanced Graphite query editor, administrators can fine-tune dashboards to inspect systems at a granular level. In summary, Grafana serves as a robust monitoring, alerting, and visualization platform for large-scale systems.
CVE-2021-43798 is a vulnerability in the Grafana software. Found in versions 8.0.0-beta1 through 8.3.0 (patched releases excepted), it allows malicious actors to perform directory traversal attacks, potentially gaining unauthorized access to local files. The vulnerable path is `<grafana_host_url>/public/plugins//`, using the plugin ID of any installed plugin. This vulnerability created an opportunity for attackers to overwrite existing files or upload malicious ones, potentially leading to further compromise of system security.
When exploited successfully, CVE-2021-43798 can have severe effects. An attacker can gain access to sensitive data or tamper with crucial system files, leading to uncontrolled system crashes or data breaches. They can also elevate their permissions to reach even more sensitive data, exacerbating the magnitude of the compromise.
In conclusion, the security of digital assets is critical. s4e.io helps mitigate the risk to these digital assets by providing security solutions explicitly designed to identify vulnerabilities. As emphasized in this article, it is vital to remain vigilant and informed about the latest vulnerabilities affecting the devices we rely on every day. By using s4e.io, individuals and organizations can stay informed and prepared for potential threats.
REFERENCES
- http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html
- http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html
- http://www.openwall.com/lists/oss-security/2021/12/09/2
- http://www.openwall.com/lists/oss-security/2021/12/10/4
- https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545ce
- https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p
- https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/