Lucene search

K
freebsdFreeBSDE33880ED-5802-11EC-8398-6C3BE5272ACD
HistoryDec 03, 2021 - 12:00 a.m.

Grafana -- Path Traversal

2021-12-0300:00:00
vuxml.freebsd.org
178

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

Grafana Labs reports:

Grafana is vulnerable to directory traversal, allowing access to local files. We have confirmed this for versions v8.0.0-beta1 to v8.3.0. Thanks to our defense-in-depth approach, at no time has Grafana Cloud been vulnerable.
The vulnerable URL path is: <grafana_host_url>/public/plugins/<“plugin-id”> where <“plugin-id”> is the plugin ID for any installed plugin.
Every Grafana instance comes with pre-installed plugins like the Prometheus plugin or MySQL plugin so the following URLs are vulnerable for every instance:

<grafana_host_url>/public/plugins/alertlist/
<grafana_host_url>/public/plugins/annolist/
<grafana_host_url>/public/plugins/barchart/
<grafana_host_url>/public/plugins/bargauge/
<grafana_host_url>/public/plugins/candlestick/
<grafana_host_url>/public/plugins/cloudwatch/
<grafana_host_url>/public/plugins/dashlist/
<grafana_host_url>/public/plugins/elasticsearch/
<grafana_host_url>/public/plugins/gauge/
<grafana_host_url>/public/plugins/geomap/
<grafana_host_url>/public/plugins/gettingstarted/
<grafana_host_url>/public/plugins/grafana-azure-monitor-datasource/
<grafana_host_url>/public/plugins/graph/
<grafana_host_url>/public/plugins/heatmap/
<grafana_host_url>/public/plugins/histogram/
<grafana_host_url>/public/plugins/influxdb/
<grafana_host_url>/public/plugins/jaeger/
<grafana_host_url>/public/plugins/logs/
<grafana_host_url>/public/plugins/loki/
<grafana_host_url>/public/plugins/mssql/
<grafana_host_url>/public/plugins/mysql/
<grafana_host_url>/public/plugins/news/
<grafana_host_url>/public/plugins/nodeGraph/
<grafana_host_url>/public/plugins/opentsdb
<grafana_host_url>/public/plugins/piechart/
<grafana_host_url>/public/plugins/pluginlist/
<grafana_host_url>/public/plugins/postgres/
<grafana_host_url>/public/plugins/prometheus/
<grafana_host_url>/public/plugins/stackdriver/
<grafana_host_url>/public/plugins/stat/
<grafana_host_url>/public/plugins/state-timeline/
<grafana_host_url>/public/plugins/status-history/
<grafana_host_url>/public/plugins/table/
<grafana_host_url>/public/plugins/table-old/
<grafana_host_url>/public/plugins/tempo/
<grafana_host_url>/public/plugins/testdata/
<grafana_host_url>/public/plugins/text/
<grafana_host_url>/public/plugins/timeseries/
<grafana_host_url>/public/plugins/welcome/
<grafana_host_url>/public/plugins/zipkin/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

Related for E33880ED-5802-11EC-8398-6C3BE5272ACD