Expert IT security company: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2021-43798

Description

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

POC

Reference

- http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html

- http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html

Github

- https://github.com/0day404/vulnerability-poc

- https://github.com/0x783kb/Security-operation-book

- https://github.com/0xAwali/Virtual-Host

- https://github.com/0xD13/OSCP-Prep-Guide

- https://github.com/0xMarcio/cve

- https://github.com/0xSAZZAD/Grafana-CVE-2021-43798

- https://github.com/20142995/Goby

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/pocsuite3

- https://github.com/20142995/sectool

- https://github.com/A-D-Team/grafanaExp

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/AbhinavRaj24/Operation-Shadow-Trace

- https://github.com/AlexLinov/CTF

- https://github.com/Alfesito/Desarrollo-e-Implementacion-de-Medidas-Mitigantes-en-Vulnerabilidades-de-Kubernetes

- https://github.com/Alfesito/TFG-kubevuln

- https://github.com/Andromeda254/cve

- https://github.com/ArrestX/--POC

- https://github.com/BJLIYANLIANG/CVE-2021-43798-Grafana-File-Read

- https://github.com/BLACKHAT-SSG/MindMaps2

- https://github.com/Bhanunamikaze/VaktScan

- https://github.com/Bouquets-ai/CVE-2021-43798

- https://github.com/BunNYb8989/Intrusion-Detection

- https://github.com/CLincat/vulcat

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Drajoncr/AttackWebFrameworkTools

- https://github.com/FAOG99/GrafanaDirectoryScanner

- https://github.com/G01d3nW01f/CVE-2021-43798

- https://github.com/GhostTroops/TOP

- https://github.com/H4cking2theGate/TraversalHunter

- https://github.com/Hatcat123/my_stars

- https://github.com/HimmelAward/Goby_POC

- https://github.com/Ilovewomen/Grafana_CVE

- https://github.com/Ilovewomen/db_script_v2

- https://github.com/Ilovewomen/db_script_v2_2

- https://github.com/Iris288/CVE-2021-43798

- https://github.com/J1ezds/Vulnerability-Wiki-page

- https://github.com/JERRY123S/all-poc

- https://github.com/JiuBanSec/Grafana-CVE-2021-43798

- https://github.com/Jroo1053/GrafanaDirInclusion

- https://github.com/K3ysTr0K3R/CVE-2021-43798-EXPLOIT

- https://github.com/K3ysTr0K3R/K3ysTr0K3R

- https://github.com/KayCHENvip/vulnerability-poc

- https://github.com/Ketan-Agarwal/OperationShadowTrace

- https://github.com/Ki11i0n4ir3/CVE-2021-43798

- https://github.com/Lazykakarot1/Learn-365

- https://github.com/LongWayHomie/CVE-2021-43798

- https://github.com/M0ge/CVE-2021-43798-grafana_fileread

- https://github.com/MalekAlthubiany/CVE-2021-43798

- https://github.com/MelvinM8/OSCP

- https://github.com/Miraitowa70/POC-Notes

- https://github.com/Mo0ns/Grafana_POC-CVE-2021-43798

- https://github.com/Mr-Tree-S/POC_EXP

- https://github.com/Mr-xn/CVE-2021-43798

- https://github.com/MzzdToT/Grafana_fileread

- https://github.com/MzzdToT/HAC_Bored_Writing

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/PwnAwan/MindMaps2

- https://github.com/Ryze-T/CVE-2021-43798

- https://github.com/SYRTI/POC_to_review

- https://github.com/ScorpionsMAX/CVE-2021-43798-Grafana-POC

- https://github.com/Shinkirou789/Grafana-8-8.30-LFI-exploit

- https://github.com/Shinkirou789/Jenkins-2.441-exploit

- https://github.com/Sic4rio/Grafana-Decryptor-for-CVE-2021-43798

- https://github.com/StarCrossPortal/scalpel

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Tom-Cooper11/Grafana-File-Read

- https://github.com/Vulnmachines/grafana-unauth-file-read

- https://github.com/WhooAmii/POC_to_review

- https://github.com/XRSec/AWVS14-Update

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/YashVardhanPratihast/Operation_Shadow_Trace

- https://github.com/YourKeeper/SunScope

- https://github.com/Z0fhack/Goby_POC

- https://github.com/ZWDeJun/ZWDeJun

- https://github.com/abuyazeen/CVE-2021-43798-Grafana-path-traversal-tester

- https://github.com/adarsh-404-exe/EndToEnd-Container-Threat-Detection

- https://github.com/akmalovaa/crowdsec-blocklist

- https://github.com/allblue147/Grafana

- https://github.com/ananya868/Misuse-Detection-in-Containers-End-to-End-MLOps

- https://github.com/anonymous364872/Rapier_Tool

- https://github.com/apif-review/APIF_tool_2024

- https://github.com/apit-review-account/apit-tool

- https://github.com/asaotomo/CVE-2021-43798-Grafana-Exp

- https://github.com/asaotomo/FofaMap

- https://github.com/aymenbouferroum/CVE-2021-43798_exploit

- https://github.com/b4zinga/Raphael

- https://github.com/bigblackhat/oFx

- https://github.com/booker-de-witt/Operation_Shadow_control_Writeups

- https://github.com/brunsu/woodswiki

- https://github.com/cokeBeer/go-cves

- https://github.com/culprits/Grafana_POC-CVE-2021-43798

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/d-rn/vulBox

- https://github.com/d3sca/Grafana_LFI

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/davidr-io/Grafana-8.3-Directory-Traversal

- https://github.com/fanygit/Grafana-CVE-2021-43798Exp

- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks

- https://github.com/gixxyboy/CVE-2021-43798

- https://github.com/gps1949/CVE-2021-43798

- https://github.com/halencarjunior/grafana-CVE-2021-43798

- https://github.com/harsh-bothra/learn365

- https://github.com/hktalent/TOP

- https://github.com/hktalent/bug-bounty

- https://github.com/hupe1980/CVE-2021-43798

- https://github.com/hxlxmj/Grafxploit

- https://github.com/j-jasson/CVE-2021-43798-grafana_fileread

- https://github.com/jagat-singh-chaudhary/bugbounty-365-days

- https://github.com/jas502n/Grafana-CVE-2021-43798

- https://github.com/jbmihoub/all-poc

- https://github.com/jguarX/Operation-Shadow-Trace

- https://github.com/julesbozouklian/CVE-2021-43798

- https://github.com/just-a-confused-seal/infrastructure_security

- https://github.com/k3rwin/CVE-2021-43798-Grafana

- https://github.com/katseyres2/CVE-2021-43798

- https://github.com/kenuosec/grafanaExp

- https://github.com/kh4sh3i/Grafana-CVE

- https://github.com/lalkaltest/CVE-2021-43798

- https://github.com/lfz97/CVE-2021-43798-Grafana-File-Read

- https://github.com/light-Life/CVE-2021-43798

- https://github.com/lucagioacchini/auto-pen-bench

- https://github.com/lulaide/WebTree

- https://github.com/mTvare6/OST

- https://github.com/mauricelambert/LabAutomationCVE-2021-43798

- https://github.com/merlinepedra/AttackWebFrameworkTools-5.0

- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0

- https://github.com/monke443/CVE-2021-43798

- https://github.com/n1sh1th/CVE-POC

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/nuker/CVE-2021-43798

- https://github.com/openx-org/BLEN

- https://github.com/paultheal1en/auto_pen_bench_web

- https://github.com/pedrohavay/exploit-grafana-CVE-2021-43798

- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

- https://github.com/persees/grafana_exploits

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/ravi5hanka/CVE-2021-43798-Exploit-for-Windows-and-Linux

- https://github.com/rnsss/CVE-2021-43798-poc

- https://github.com/rodpwn/CVE-2021-43798-mass_scanner

- https://github.com/s1gh/CVE-2021-43798

- https://github.com/salvador-arreola/prometheus-grafana-telegram-k8s

- https://github.com/scopion/CVE-2021-43799

- https://github.com/seeu-inspace/easyg

- https://github.com/shengshengli/AttackWebFrameworkTools-5.0

- https://github.com/shivam-0806/OpShaTrace

- https://github.com/soosmile/POC

- https://github.com/sparktsao/auto-pen-bench-study

- https://github.com/suljov/Grafana-LFI-exploit

- https://github.com/taielab/awesome-hacking-lists

- https://github.com/tanjiti/sec_profile

- https://github.com/taythebot/CVE-2021-43798

- https://github.com/tianhai66/Shell_POC

- https://github.com/ticofookfook/CVE-2021-43798

- https://github.com/topyagyuu/CVE-2021-43798

- https://github.com/trhacknon/Pocingit

- https://github.com/truonghuuphuc/OWASP-ZAP-Scripts

- https://github.com/victorhorowitz/grafana-exploit-CVE-2021-43798

- https://github.com/wagneralves/CVE-2021-43798

- https://github.com/wectf/2022

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/wezoomagency/GrafXploit

- https://github.com/whitfieldsdad/epss

- https://github.com/woods-sega/woodswiki

- https://github.com/xasyhack/offsec_oscp_2025

- https://github.com/xasyhack/oscp2025

- https://github.com/xchg-rax-rax/CVE-2021-43798

- https://github.com/xiecat/fofax

- https://github.com/xinyisleep/pocscan

- https://github.com/xxsmile123/youdata_Vulnerabilities

- https://github.com/yagyuuyagyuuu/CVE-2021-43798

- https://github.com/yasin-cs-ko-ak/grafana-cve-2021-43798

- https://github.com/yasindce1998/grafana-cve-2021-43798

- https://github.com/youcans896768/APIV_Tool

- https://github.com/yqcs/heartsk_community

- https://github.com/z3n70/CVE-2021-43798

- https://github.com/zecool/cve

- https://github.com/zer0yu/CVE-2021-43798

- https://github.com/zhanpengliu-tencent/medium-cve