Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-43798

Опубликовано: 07 дек. 2021
Источник: ubuntu
Приоритет: medium
EPSS Критический
CVSS2: 5
CVSS3: 7.5

Описание

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: <grafana_host_url>/public/plugins//, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/xenial

needed

esm-infra/focal

DNE

focal

DNE

hirsute

DNE

impish

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 100%
0.94334
Критический

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-43798

CVSS3: 7.5
redhat
больше 3 лет назад

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

nvd логотип

CVE-2021-43798

CVSS3: 7.5
nvd
больше 3 лет назад

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

debian логотип

CVE-2021-43798

CVSS3: 7.5
debian
больше 3 лет назад

Grafana is an open-source platform for monitoring and observability. G ...

github логотип

GHSA-8pjx-jj86-j47p

CVSS3: 7.5
github
больше 1 года назад

Grafana path traversal

fstec логотип

BDU:2023-00493

CVSS3: 7.5
fstec
больше 3 лет назад

Уязвимость веб-инструмента представления данных Grafana, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю читать произвольные файлы

EPSS

Процентиль: 100%
0.94334
Критический

5 Medium

CVSS2

7.5 High

CVSS3