Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-43798

Опубликовано: 07 дек. 2021
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Критический

Описание

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: <grafana_host_url>/public/plugins//, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Версия от 8.0.1 (включая) до 8.0.7 (исключая)
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Версия от 8.1.0 (включая) до 8.1.8 (исключая)
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Версия от 8.2.0 (включая) до 8.2.7 (исключая)
cpe:2.3:a:grafana:grafana:8.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:grafana:grafana:8.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:grafana:grafana:8.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:grafana:grafana:8.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 100%
0.94334
Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2021-43798

CVSS3: 7.5
ubuntu
больше 3 лет назад

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

redhat логотип

CVE-2021-43798

CVSS3: 7.5
redhat
больше 3 лет назад

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

debian логотип

CVE-2021-43798

CVSS3: 7.5
debian
больше 3 лет назад

Grafana is an open-source platform for monitoring and observability. G ...

github логотип

GHSA-8pjx-jj86-j47p

CVSS3: 7.5
github
больше 1 года назад

Grafana path traversal

fstec логотип

BDU:2023-00493

CVSS3: 7.5
fstec
больше 3 лет назад

Уязвимость веб-инструмента представления данных Grafana, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю читать произвольные файлы

EPSS

Процентиль: 100%
0.94334
Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22