## Grafana welcome Arbitrary File Reading Vulnerability

|   **Vulnerability**  | **Grafana welcome Arbitrary File Reading Vulnerability**  |
| :----:   | :-----|
|  **Chinese name**  |   Grafana 网络应用程序平台 welcome 任意文件读取漏洞 |
| **CVSS core**  | 7.5 |
| **FOFA Query**  (click to view the results directly)| [app="Grafana_Labs-公司产品"](https://en.fofa.info/result?qbase64=YXBwPSJHcmFmYW5hX0xhYnMt5YWs5Y%2B45Lqn5ZOBIg%3D%3D) |
| **Number of assets affected**  | 369673 |
| **Description**  | Grafana is a cross-platform, open source platform for data visualization web applications. After users configure the connected data source, Grafana can display data graphs and warnings in a Web browser. Unauthorized attackers can exploit this vulnerability and gain access to sensitive server files. |
| **Impact** | Grafana can display graphs and warnings in a Web browser. Unauthorized attackers can exploit this vulnerability and gain access to sensitive server files. |

![](https://s3.bmp.ovh/imgs/2023/04/07/ac7eb471dfe138dc.gif)