Grafana Directory Traversal (CVE-2021-43798)


Application Details

Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources. A licensed Grafana Enterprise version with additional capabilities is also available as a self-hosted installation or an account on the Grafana Labs cloud service. It is expandable through a plug-in system. End users can create complex monitoring dashboards using interactive query builders. Grafana is divided into a front end and back end, written in TypeScript and Go, respectively.


Vulnerability

Grafana 8.0.0-beta1 through 8.3.0 allows an unauthenticated remote attacker to traverse directories on the host. The /public/plugins/<plugin-id>/ endpoint serves plugin assets from a directory on disk, and because the requested file name was not restricted to that directory, "../" sequences walk out of it and return any file the Grafana process can read. That includes password and configuration files such as /etc/passwd, grafana.ini (which may hold the admin password and data-source secrets) and the grafana.db SQLite database. The issue is fixed in 8.3.1, with backports in 8.0.7, 8.1.8 and 8.2.7.
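As an added illustration (not Grafana's own code or its upstream patch), the following Go program shows the bug class beside a hardened version: a plugin asset handler that joins a caller-supplied file name onto the plugin directory. The directory name, the function names and the checks are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// pluginDir is a constructed example directory, not Grafana's real layout.
// It has eight path components, which is why eight "../" segments reach "/".
const pluginDir = "/var/lib/grafana/public/app/plugins/panel/alertGroups"

// resolveUnsafe shows the bug class: the caller-controlled file name from the
// URL is joined onto the plugin directory and used as-is. filepath.Join cleans
// the result, so "../" segments are honoured and the path walks out of pluginDir.
func resolveUnsafe(requested string) string {
	return filepath.Join(pluginDir, requested)
}

var errOutsidePluginDir = errors.New("requested file is outside the plugin directory")

// resolveSafe (a hypothetical hardening, not the upstream fix) joins the same
// way but then proves the result is still under pluginDir before it is opened.
func resolveSafe(requested string) (string, error) {
	// Absolute paths and NUL bytes are never legitimate asset names.
	if filepath.IsAbs(requested) || strings.ContainsRune(requested, 0) {
		return "", errOutsidePluginDir
	}
	full := filepath.Join(pluginDir, requested)
	// filepath.Rel gives the path from pluginDir to full; if it starts with
	// ".." the joined path escaped the directory.
	rel, err := filepath.Rel(pluginDir, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsidePluginDir
	}
	return full, nil
}

func main() {
	for _, req := range []string{"module.js", "../../../../../../../../etc/passwd"} {
		fmt.Printf("request %q\n  unsafe -> %s\n", req, resolveUnsafe(req))
		if p, err := resolveSafe(req); err != nil {
			fmt.Printf("  safe   -> rejected: %v\n", err)
		} else {
			fmt.Printf("  safe   -> %s\n", p)
		}
	}
}
```

The check in resolveSafe is purely lexical: it does not follow symbolic links, so a symlink inside the plugin directory that points elsewhere would still be served. A handler that must tolerate symlinks should also resolve the final path with filepath.EvalSymlinks and repeat the containment test on the result.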


Identification

An attacker sends a specially crafted request to the /public/plugins/ endpoint whose path contains "dot dot" sequences (/../) after the plugin id. The plugin id must be one that is installed, and any of the plugins bundled with Grafana will do; the request below uses alertGroups. There is a single underlying vulnerability, but it can be reached through each of these plugin ids. For the full list refer to the GitHub reference below.


GET /public/plugins/alertGroups/../../../../../../../../etc/passwd

Detection

By turning this request into a traffic file and a matching rule, we are able to detect attempts to traverse directories through the plugin asset path. Because the traversal sequence can be percent-encoded (for example %2e%2e/), the rule should be applied to the decoded request path rather than only to the literal bytes "../"; otherwise a trivially encoded request walks past the signature.
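To make the detection concrete, here is an added Go example (not Idappcom's signature 8022144 or its traffic file, whose contents the page does not show) that inspects HTTP request lines for traversal out of the /public/plugins/<plugin-id>/ directory. It decodes percent-encoding, including double encoding, before matching, so it flags encoded variants beyond the single literal request shown above. The request lines are constructed samples, not captured traffic.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"regexp"
	"strings"
)

// sampleRequests are constructed request lines for this example, not captured traffic.
var sampleRequests = []string{
	"GET /public/plugins/alertGroups/../../../../../../../../etc/passwd HTTP/1.1",
	"GET /public/plugins/alertGroups/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/grafana/grafana.ini HTTP/1.1",
	"GET /public/plugins/welcome/..%252f..%252f..%252fvar/lib/grafana/grafana.db?x=1 HTTP/1.1",
	"GET /public/plugins/alertGroups/img/../module.js HTTP/1.1",
	"GET /api/dashboards/home HTTP/1.1",
}

// Finding records which plugin id was used and which file the traversal aimed at.
type Finding struct {
	PluginID string
	Target   string
}

var pluginAsset = regexp.MustCompile(`^/public/plugins/([^/]+)/(.*)$`)

// normalizePath percent-decodes repeatedly (to defeat double encoding such as
// %252e) and treats backslashes as separators, so the match is made on what a
// server would resolve rather than on the raw bytes.
func normalizePath(p string) string {
	for i := 0; i < 3; i++ {
		decoded, err := url.PathUnescape(p)
		if err != nil || decoded == p {
			break
		}
		p = decoded
	}
	return strings.ReplaceAll(p, `\`, "/")
}

// escapesDir reports whether a relative path climbs above its starting
// directory, i.e. whether ".." segments ever outnumber the depth reached.
func escapesDir(rel string) bool {
	depth := 0
	for _, seg := range strings.Split(rel, "/") {
		switch seg {
		case "", ".":
		case "..":
			depth--
			if depth < 0 {
				return true
			}
		default:
			depth++
		}
	}
	return false
}

// Inspect parses one request line and returns a Finding if the request tries
// to read outside the plugin directory. A "../" that stays inside the plugin
// directory is not flagged, which keeps legitimate asset requests quiet.
func Inspect(requestLine string) (Finding, bool) {
	fields := strings.Fields(requestLine)
	if len(fields) < 2 {
		return Finding{}, false
	}
	target := fields[1]
	if i := strings.IndexAny(target, "?#"); i >= 0 {
		target = target[:i]
	}
	m := pluginAsset.FindStringSubmatch(normalizePath(target))
	if m == nil || !escapesDir(m[2]) {
		return Finding{}, false
	}
	// path.Clean on a root-anchored copy shows the file the attacker was after.
	return Finding{PluginID: m[1], Target: path.Clean("/" + m[2])}, true
}

func main() {
	for _, line := range sampleRequests {
		if f, ok := Inspect(line); ok {
			fmt.Printf("ALERT plugin=%s target=%s  <- %s\n", f.PluginID, f.Target, line)
		} else {
			fmt.Printf("ok    %s\n", line)
		}
	}
}
```

Inspect works on the request line only; when the same logic is run inside a proxy or IDS that sees the response, pairing an alert with a 200 status and a body that does not look like a JavaScript or CSS asset is a strong confirmation that the read succeeded rather than merely being attempted.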


Coverage

Idappcom has created signature 8022144 along with a traffic file.


References

CVE-2021-43798

GitHub jas502n


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional