top of page

Grafana Directory Traversal (CVE-2021-43798)

Application Details

Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources. A licensed Grafana Enterprise version with additional capabilities is also available as a self-hosted installation or an account on the Grafana Labs cloud service. It is expandable through a plug-in system. End users can create complex monitoring dashboards using interactive query builders. Grafana is divided into a front end and back end, written in TypeScript and Go, respectively.


Grafana could allow a remote attacker to traverse directories on the system. This would allow them to read files outside the Grafana application’s folder, such as password and configuration files.


An attacker could send a specially crafted URL request to the /public/plugins/ containing "dot dot" sequences (/../) to traverse directories. We have identified just one example but there are multiple vulnerabilities, for the full list refer to the Github reference below.

GET /public/plugins/alertGroups/../../../../../../../../etc/passwd


By turning this vulnerability into a traffic file and matching rule, we are able to detect attempts to traverse directories in the application.


Idappcom has created signature 8022144 along with a traffic file.


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here:


bottom of page