CVE-2021-43798

Severity High
Remote Yes
Type Directory traversal
Description
Grafana 8 before version 8.3.1 is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is <grafana_host_url>/public/plugins/<"plugin-id">, where <"plugin-id"> is the plugin ID for any installed plugin.
Group     Package   Affected   Fixed     Severity   Status   Ticket
AVG-2609  grafana   8.3.0-1    8.3.1-1   High       Fixed
Date         Advisory        Group     Package   Severity   Type
11 Dec 2021  ASA-202112-11   AVG-2609  grafana   High       directory traversal
References
https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p
https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/
https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/
https://j0vsec.com/post/cve-2021-43798/
https://github.com/grafana/grafana/commit/00e38ba555cfb120361c9623de3285d70c60172f
Notes
Workaround
==========

The issue can be mitigated by running a reverse proxy in front of Grafana that normalizes the request path (resolving "." and ".." segments and percent-encoded forms of them) before forwarding, so that a traversal sequence never reaches Grafana's plugin file handler. For example, the normalize_path setting in Envoy does this.
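The following is an added illustration, not code from the Arch advisory or from Grafana or Envoy, of why path normalization at the proxy defeats this traversal and how the same normalization can be used to audit access logs for attempts. normalize_request_path approximates what a normalizing reverse proxy forwards (percent-decoding, slash merging, dot-segment resolution; Envoy's exact treatment of escaped slashes is configurable and is not reproduced here). classify_request then checks whether a request under /public/plugins/<plugin-id>/ still resolves inside that plugin's directory after normalization. The request lines and the plugin ID example-plugin are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Constructed request lines for the demonstration; "example-plugin" is a
# made-up plugin ID, and example.txt is a placeholder target, not a real file.
SAMPLE_REQUESTS = [
    "GET /public/plugins/example-plugin/img/logo.svg HTTP/1.1",
    "GET /public/plugins/example-plugin/../../example.txt HTTP/1.1",
    "GET /public/plugins/example-plugin/%2e%2e/%2e%2e/example.txt HTTP/1.1",
    "GET /public/plugins//example-plugin/./img/logo.svg HTTP/1.1",
    "GET /api/health HTTP/1.1",
]

# Vulnerable route prefix named in the advisory.
PLUGIN_PREFIX = "/public/plugins/"


def normalize_request_path(raw_path: str) -> str:
    """Approximate the path a normalizing reverse proxy (e.g. Envoy with
    normalize_path enabled) would forward to Grafana.

    Steps: drop the query string, percent-decode (so %2e%2e is seen as ..),
    merge repeated slashes, and resolve '.' and '..' segments. The leading '/'
    handed to normpath stops '..' from climbing above the root."""
    decoded = unquote(raw_path.split("?", 1)[0])
    normalized = posixpath.normpath("/" + decoded.lstrip("/"))
    # normpath strips a trailing slash; keep it so directory requests are intact.
    if decoded.endswith("/") and not normalized.endswith("/"):
        normalized += "/"
    return normalized


def classify_request(request_line: str) -> str:
    """Return 'ok', 'traversal' or 'other' for one access-log request line.

    'traversal' means the request targets /public/plugins/<id>/ but, once
    normalized, no longer stays inside /public/plugins/<id>/. A proxy that
    normalizes would forward the escaped path instead, so Grafana's plugin
    file route never sees the '..' segments."""
    parts = request_line.split()
    if len(parts) < 2:
        return "other"
    raw_path = parts[1]
    decoded = unquote(raw_path.split("?", 1)[0])
    if not decoded.startswith(PLUGIN_PREFIX):
        return "other"
    # First non-empty segment after the prefix is the plugin ID the client named.
    rest = decoded[len(PLUGIN_PREFIX):].lstrip("/")
    plugin_id = rest.split("/", 1)[0]
    if not plugin_id:
        return "other"
    expected_dir = PLUGIN_PREFIX + plugin_id + "/"
    if normalize_request_path(raw_path).startswith(expected_dir):
        return "ok"
    return "traversal"


def audit(request_lines):
    """Run the check over a batch of request lines; returns (raw, forwarded, verdict)."""
    results = []
    for line in request_lines:
        raw_path = line.split()[1]
        results.append((raw_path, normalize_request_path(raw_path), classify_request(line)))
    return results


if __name__ == "__main__":
    for raw, forwarded, verdict in audit(SAMPLE_REQUESTS):
        print(f"{verdict:9s} {raw}  ->  {forwarded}")
```

The second and third constructed requests resolve to /public/example.txt after normalization, which is outside the plugin directory, so they are flagged; with a normalizing proxy in front, that resolved path is what Grafana receives, and it no longer matches the plugin file route at all. The fourth line shows that harmless variations (doubled slashes, "." segments) are normalized rather than flagged, which keeps the audit usable on real traffic.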