Grafana path traversal 漏洞信息(CVE-2021-43798)

一、漏洞 CVE-2021-43798 基础信息

漏洞信息

                                        # Grafana 路径遍历漏洞

## 漏洞概述
Grafana 开源平台版本 8.0.0-beta1 至 8.3.0（除了修复版本）存在目录穿越漏洞，可以访问本地文件。

## 影响版本
- 8.0.0-beta1 至 8.3.0（除了修复版本）

## 细节
- 漏洞路径：`<grafana_host_url>/public/plugins//`，其中是任何已安装插件的插件ID。
- 受影响的 URL 路径存在目录穿越漏洞，允许未经授权的用户访问本地文件。
- 建议用户升级到已修复版本 8.0.7、8.1.8、8.2.7 或 8.3.1。
- Grafana Cloud 从未受到影响。

## 影响
- 未经授权的用户可能访问本地文件，导致信息泄露。
- 建议用户立即升级以防止潜在的安全威胁。

提示

尽管我们采用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确，但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利！

漏洞标题

Grafana path traversal

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

来源：美国国家漏洞数据库 NVD

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

来源：美国国家漏洞数据库 NVD

漏洞类别

对路径名的限制不恰当(路径遍历)

来源：美国国家漏洞数据库 NVD

漏洞标题

Grafana 路径遍历漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Grafana是Grafana实验室的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana 8.0.0-beta1至8.3.0存在路径遍历漏洞，攻击者可利用该漏洞执行目录遍历攻击，访问本地文件。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

路径遍历

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2021-43798 的公开POC

#	POC 描述	源链接	神龙链接
1	CVE-2021-43798 - Grafana 8.x Path Traversal (Pre-Auth)	https://github.com/taythebot/CVE-2021-43798	POC详情
2	Grafana Arbitrary File Reading Vulnerability	https://github.com/zer0yu/CVE-2021-43798	POC详情
3	Grafana Unauthorized arbitrary file reading vulnerability	https://github.com/jas502n/Grafana-CVE-2021-43798	POC详情
4	CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数	https://github.com/ScorpionsMAX/CVE-2021-43798-Grafana-POC	POC详情
5	CVE-2021-43798:Grafana 任意文件读取漏洞	https://github.com/Mr-xn/CVE-2021-43798	POC详情
6	Grafanav8.*版本任意文件读取漏洞批量检测工具：该漏洞目前为0day漏洞，未授权的攻击者利用该漏洞，能够获取服务器敏感文件。	https://github.com/asaotomo/CVE-2021-43798-Grafana-Exp	POC详情
7	A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key / decrypt data_source info automatic.	https://github.com/A-D-Team/grafanaExp	POC详情
8	利用grafan CVE-2021-43798任意文件读漏洞，自动探测是否有漏洞、存在的plugin、提取密钥、解密server端db文件，并输出data_sourrce信息。	https://github.com/kenuosec/grafanaExp	POC详情
9	grafana CVE-2021-43798任意文件读取漏洞POC，采用多插件轮训检测的方法，允许指定单URL和从文件中读取URL	https://github.com/M0ge/CVE-2021-43798-grafana_fileread	POC详情
10	Grafana File-Read Vuln	https://github.com/JiuBanSec/Grafana-CVE-2021-43798	POC详情
11	CVE-2021-43798-Grafana任意文件读取漏洞	https://github.com/lfz97/CVE-2021-43798-Grafana-File-Read	POC详情
12	None	https://github.com/s1gh/CVE-2021-43798	POC详情
13	Simple program for exploit grafana	https://github.com/z3n70/CVE-2021-43798	POC详情
14	Grafana-POC任意文件读取漏洞(CVE-2021-43798)	https://github.com/Mo0ns/Grafana_POC-CVE-2021-43798	POC详情
15	CVE-2021-43798Exp多线程批量验证脚本	https://github.com/fanygit/Grafana-CVE-2021-43798Exp	POC详情
16	CVE-2021-43798 is a vulnerability marked as High priority (CVSS 7.5) leading to arbitrary file read via installed plugins in Grafana application.	https://github.com/LongWayHomie/CVE-2021-43798	POC详情
17	This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).	https://github.com/pedrohavay/exploit-grafana-CVE-2021-43798	POC详情
18	None	https://github.com/gixxyboy/CVE-2021-43798	POC详情
19	Grafana8.x 任意文件读取	https://github.com/Ryze-T/CVE-2021-43798	POC详情
20	CVE-2021-43798 Grafana任意文件读取	https://github.com/k3rwin/CVE-2021-43798-Grafana	POC详情
21	None	https://github.com/gps1949/CVE-2021-43798	POC详情
22	None	https://github.com/halencarjunior/grafana-CVE-2021-43798	POC详情
23	运用golang写的grafana批量验证脚本，内置48个验证	https://github.com/light-Life/CVE-2021-43798	POC详情
24	Grafana8.x 任意文件读取	https://github.com/rnsss/CVE-2021-43798-poc	POC详情
25	None	https://github.com/rodpwn/CVE-2021-43798-mass_scanner	POC详情
26	None	https://github.com/aymenbouferroum/CVE-2021-43798_exploit	POC详情
27	Script to demonstrate the Grafana directory traversal exploit (CVE-2021-43798).	https://github.com/Jroo1053/GrafanaDirInclusion	POC详情
28	This repository contains files for reproducing the vulnerability.	https://github.com/yasin-cs-ko-ak/grafana-cve-2021-43798	POC详情
29	None	https://github.com/BJLIYANLIANG/CVE-2021-43798-Grafana-File-Read	POC详情
30	None	https://github.com/lalkaltest/CVE-2021-43798	POC详情
31	Grafana - Directory Traversal and Arbitrary File Read	https://github.com/hupe1980/CVE-2021-43798	POC详情
32	None	https://github.com/G01d3nW01f/CVE-2021-43798	POC详情
33	This script implements a lab automation where I exploit CVE-2021-43798 to steal user secrets and then gain privileges on a Linux system.	https://github.com/mauricelambert/LabAutomationCVE-2021-43798	POC详情
34	Exploit for grafana CVE-2021-43798	https://github.com/FAOG99/GrafanaDirectoryScanner	POC详情
35	POC for CVE-2021-43798 written in python	https://github.com/nuker/CVE-2021-43798	POC详情
36	None	https://github.com/victorhorowitz/grafana-exploit-CVE-2021-43798	POC详情
37	None	https://github.com/katseyres2/CVE-2021-43798	POC详情
38	None	https://github.com/Iris288/CVE-2021-43798	POC详情
39	CVE-2021-43798Exp多线程批量验证脚本	https://github.com/faaaany/Grafana-CVE-2021-43798Exp	POC详情
40	This repository contains files for reproducing the vulnerability.	https://github.com/yasindce1998/grafana-cve-2021-43798	POC详情
41	Directory Traversal and Arbitrary File Read on Grafana	https://github.com/wagneralves/CVE-2021-43798	POC详情
42	A PoC exploit for CVE-2021-43798 - Grafana Directory Traversal	https://github.com/K3ysTr0K3R/CVE-2021-43798-EXPLOIT	POC详情
43	None	https://github.com/ticofookfook/CVE-2021-43798	POC详情
44	None	https://github.com/topyagyuu/CVE-2021-43798	POC详情
45	Exploit for CVE-2021-43798	https://github.com/xchg-rax-rax/CVE-2021-43798	POC详情
46	None	https://github.com/MalekAlthubiany/CVE-2021-43798	POC详情
47	Grafana Decryptor for CVE-2021-43798	https://github.com/Sic4rio/Grafana-Decryptor-for-CVE-2021-43798	POC详情
48	Python implementation of a tool for decrypting and encrypting sensitive data in Grafana, specifically addressing the vulnerabilities associated with CVE-2021-43798. Grafana encrypts all data source passwords using the AES algorithm with the secret_key found in the defaults.ini configuration file.	https://github.com/sazzad1337/Grafana-CVE-2021-43798	POC详情
49	Python implementation of a tool for decrypting and encrypting sensitive data in Grafana, specifically addressing the vulnerabilities associated with CVE-2021-43798. Grafana encrypts all data source passwords using the AES algorithm with the secret_key found in the defaults.ini configuration file.	https://github.com/0xSAZZAD/Grafana-CVE-2021-43798	POC详情
50	Automated Exploit Tool for Grafana CVE-2021-43798: Scanning common files that contain juicy informations and extracting SSH keys from compromised users.	https://github.com/wezoomagency/GrafXploit	POC详情
51	CVE-2021-43798 working exploit	https://github.com/davidr-io/Grafana-8.3-Directory-Traversal	POC详情
52	Modified exploit for CVE-2021-43798 compatible with both Windows and Linux hosts.	https://github.com/ravi5hanka/CVE-2021-43798-Exploit-for-Windows-and-Linux	POC详情
53	None	https://github.com/monke443/CVE-2021-43798-Grafana-Arbitrary-File-Read	POC详情
54	Arbitrary file read in Grafana allows an attacker to read server files by abusing a path traversal.	https://github.com/monke443/CVE-2021-43798	POC详情
55	Grafana 8.x is vulnerable to local file inclusion.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/grafana/grafana-file-read.yaml	POC详情
56	Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `<grafana_host_url>/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-43798.yaml	POC详情
57	None	https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Grafana%208.x%20%E6%8F%92%E4%BB%B6%E6%A8%A1%E5%9D%97%E7%9B%AE%E5%BD%95%E7%A9%BF%E8%B6%8A%E6%BC%8F%E6%B4%9E%20CVE-2021-43798.md	POC详情
58		https://github.com/vulhub/vulhub/blob/master/grafana/CVE-2021-43798/README.md	POC详情

三、漏洞 CVE-2021-43798 的情报信息

https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p x_refsource_CONFIRM
https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545ce x_refsource_MISC
http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html x_refsource_MISC
https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/ x_refsource_CONFIRM
http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html x_refsource_MISC
https://security.netapp.com/advisory/ntap-20211229-0004/ x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2021/12/09/2 mailing-list x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/12/10/4 mailing-list x_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2021-43798

一、 漏洞 CVE-2021-43798 基础信息

漏洞信息

提示

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2021-43798 的公开POC

三、漏洞 CVE-2021-43798 的情报信息

一、漏洞 CVE-2021-43798 基础信息