CVE-2021-43798 PoC — Grafana path traversal

Source

https://github.com/dcryp7/Grafana-8.3-Directory-Traversal

Associated Vulnerability

Title:Grafana path traversal (CVE-2021-43798)
Description:Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

Description

CVE-2021-43798 working exploit

Readme

### CVE-2021-43798 Python script

#### Description: Grafana 8.3.0 Directory Traversal (Try this if EDB-ID 50581 is not working!)

#### Original Article: https://ethicalhacking.uk/cve-2021-43798-dissecting-the-grafana-path-traversal-vulnerability/#gsc.tab=0

##### During a box in OffSec Proving Ground (Fanatastic), I encountered Grafana 8.3.0 and pretty quickly found exploitdb id 50581 but for some reason it was not working.
##### I found a working PoC on the above article that quickly allowed me to read /etc/passwd and proceed with attacking the box
##### I decided to build off the PoC so it would be a bit more interactive and allow for quick manual enumeration of files to read

File Snapshot


 [4.0K]  /data/pocs/ba5f95673e07f8f531654fc64db8f74377786313
├── [1.6K]  readFiles.py
└── [ 688]  README.md

1 directory, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!