admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2021/CVE-2021-43798.md

147 lines
7.0 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2021-43798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43798)
![](https://img.shields.io/static/v1?label=Product&message=grafana&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
### Description
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
### POC
#### Reference
- http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html
- http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html
#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0x783kb/Security-operation-book
- https://github.com/0xAwali/Virtual-Host
- https://github.com/20142995/Goby
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/A-D-Team/grafanaExp
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Alfesito/TFG-kubevuln
- https://github.com/ArrestX/--POC
- https://github.com/BJLIYANLIANG/CVE-2021-43798-Grafana-File-Read
- https://github.com/BLACKHAT-SSG/MindMaps2
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/FAOG99/GrafanaDirectoryScanner
- https://github.com/G01d3nW01f/CVE-2021-43798
- https://github.com/GhostTroops/TOP
- https://github.com/H4cking2theGate/TraversalHunter
- https://github.com/Hatcat123/my_stars
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Ilovewomen/Grafana_CVE
- https://github.com/Ilovewomen/db_script_v2
- https://github.com/Ilovewomen/db_script_v2_2
- https://github.com/Iris288/CVE-2021-43798
- https://github.com/JERRY123S/all-poc
- https://github.com/JiuBanSec/Grafana-CVE-2021-43798
- https://github.com/Jroo1053/GrafanaDirInclusion
- https://github.com/K3ysTr0K3R/CVE-2021-43798-EXPLOIT
- https://github.com/K3ysTr0K3R/K3ysTr0K3R
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Ki11i0n4ir3/CVE-2021-43798
- https://github.com/Lazykakarot1/Learn-365
- https://github.com/LongWayHomie/CVE-2021-43798
- https://github.com/M0ge/CVE-2021-43798-grafana_fileread
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Mo0ns/Grafana_POC-CVE-2021-43798
- https://github.com/Mr-Tree-S/POC_EXP
- https://github.com/Mr-xn/CVE-2021-43798
- https://github.com/MzzdToT/Grafana_fileread
- https://github.com/MzzdToT/HAC_Bored_Writing
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PwnAwan/MindMaps2
- https://github.com/Ryze-T/CVE-2021-43798
- https://github.com/SYRTI/POC_to_review
- https://github.com/ScorpionsMAX/CVE-2021-43798-Grafana-POC
- https://github.com/StarCrossPortal/scalpel
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Tom-Cooper11/Grafana-File-Read
- https://github.com/Vulnmachines/grafana-unauth-file-read
- https://github.com/WhooAmii/POC_to_review
- https://github.com/XRSec/AWVS14-Update
- https://github.com/YourKeeper/SunScope
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZWDeJun/ZWDeJun
- https://github.com/allblue147/Grafana
- https://github.com/anonymous364872/Rapier_Tool
- https://github.com/apif-review/APIF_tool_2024
- https://github.com/asaotomo/CVE-2021-43798-Grafana-Exp
- https://github.com/aymenbouferroum/CVE-2021-43798_exploit
- https://github.com/b4zinga/Raphael
- https://github.com/bigblackhat/oFx
- https://github.com/cokeBeer/go-cves
- https://github.com/culprits/Grafana_POC-CVE-2021-43798
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/d-rn/vulBox
- https://github.com/d3sca/Grafana_LFI
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/fanygit/Grafana-CVE-2021-43798Exp
- https://github.com/gixxyboy/CVE-2021-43798
- https://github.com/gps1949/CVE-2021-43798
- https://github.com/halencarjunior/grafana-CVE-2021-43798
- https://github.com/harsh-bothra/learn365
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/hupe1980/CVE-2021-43798
- https://github.com/j-jasson/CVE-2021-43798-grafana_fileread
- https://github.com/jas502n/Grafana-CVE-2021-43798
- https://github.com/jbmihoub/all-poc
- https://github.com/julesbozouklian/CVE-2021-43798
- https://github.com/k3rwin/CVE-2021-43798-Grafana
- https://github.com/katseyres2/CVE-2021-43798
- https://github.com/kenuosec/grafanaExp
- https://github.com/kh4sh3i/Grafana-CVE
- https://github.com/lalkaltest/CVE-2021-43798
- https://github.com/lfz97/CVE-2021-43798-Grafana-File-Read
- https://github.com/light-Life/CVE-2021-43798
- https://github.com/mauricelambert/LabAutomationCVE-2021-43798
- https://github.com/n1sh1th/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nuker/CVE-2021-43798
- https://github.com/openx-org/BLEN
- https://github.com/pedrohavay/exploit-grafana-CVE-2021-43798
- https://github.com/persees/grafana_exploits
- https://github.com/rnsss/CVE-2021-43798-poc
- https://github.com/rodpwn/CVE-2021-43798-mass_scanner
- https://github.com/s1gh/CVE-2021-43798
- https://github.com/salvador-arreola/prometheus-grafana-telegram-k8s
- https://github.com/scopion/CVE-2021-43799
- https://github.com/seeu-inspace/easyg
- https://github.com/soosmile/POC
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/tanjiti/sec_profile
- https://github.com/taythebot/CVE-2021-43798
- https://github.com/tianhai66/Shell_POC
- https://github.com/ticofookfook/CVE-2021-43798
- https://github.com/topyagyuu/CVE-2021-43798
- https://github.com/trhacknon/Pocingit
- https://github.com/truonghuuphuc/OWASP-ZAP-Scripts
- https://github.com/victorhorowitz/grafana-exploit-CVE-2021-43798
- https://github.com/wagneralves/CVE-2021-43798
- https://github.com/wectf/2022
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/whitfieldsdad/epss
- https://github.com/woods-sega/woodswiki
- https://github.com/xiecat/fofax
- https://github.com/xinyisleep/pocscan
- https://github.com/xxsmile123/youdata_Vulnerabilities
- https://github.com/yasin-cs-ko-ak/grafana-cve-2021-43798
- https://github.com/yasindce1998/grafana-cve-2021-43798
- https://github.com/youcans896768/APIV_Tool
- https://github.com/yqcs/heartsk_community
- https://github.com/z3n70/CVE-2021-43798
- https://github.com/zecool/cve
- https://github.com/zer0yu/CVE-2021-43798
Reference in New Issue Copy Permalink