Exploit for #VU58647 Path traversal in Grafana

Vulnerability identifier: #VU58647

Vulnerability risk: High

CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2021-43798

CWE-ID: CWE-22

Exploitation vector: Network

Exploits in database: 32

• February 21, 2025
  • CVEpedia (Descrição de vulnerabilidades conhecidas, exploits públicos, POC sobre CVE. Feito exclusivamente para fins didáticos e para o conhecimento sobre as falhas reportadas.) [Github]
• January 31, 2025
  • Grafana-8.3-Directory-Traversal (CVE-2021-43798 working exploit) [Github]
• September 4, 2023
  • grafana-exploit-CVE-2021-43798 () [Github]
• May 14, 2023
  • GrafanaDirectoryScanner (Exploit for grafana CVE-2021-43798) [Github]
• April 26, 2023
  • CVE-2021-43798 (Grafana - Directory Traversal and Arbitrary File Read) [Github]
• January 29, 2023
  • LabAutomationCVE-2021-43798 (This script implements a lab automation where I exploit CVE-2021-43798 to steal user secrets and then gain privileges on a Linux system.) [Github]
• January 3, 2023
  • Grafana_POC-CVE-2021-43798 (Grafana-POC任意文件读取漏洞(CVE-2021-43798)) [Github]
• December 14, 2022
  • SunScope (Inspired by Ambassador on HackTheBox to exploit the now patched CVE-2021-43798) [Github]
• November 20, 2022
  • exploit-grafana-CVE-2021-43798 () [Github]
• October 29, 2022
  • cve-2021-43798 ( cve-2021-43798 Grafana 8.3.0 - Directory Traversal and Arbitrary File Read) [Github]
• October 8, 2022
  • Grafana_POC-CVE-2021-43798 (Grafana-POC任意文件读取漏洞(CVE-2021-43798)) [Github]
• September 27, 2022
  • GrafanaDirInclusion (Script to demonstrate the Grafana directory traversal exploit (CVE-2021-43798).) [Github]
• September 3, 2022
  • Grafana-CVE (a Curated list of Grafana Security Vulnerabilities, CVE & exploit) [Github]
• May 13, 2022
  • Grafana 8.3.0 - Directory Traversal and Arbitrary File Read [Exploit-DB]
• December 21, 2021
  • CVE-2021-43798 () [Github]
• December 20, 2021
  • Grafana Plugin Path Traversal [Metasploit]
• December 19, 2021
  • CVE-2021-43798-Grafana-POC (CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数) [Github]
• December 14, 2021
  • CVE-2021-43798 (Grafana8.x 任意文件读取) [Github]
• December 13, 2021
  • exploit-grafana-CVE-2021-43798 (This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).) [Github]
• December 12, 2021
  • Grafana_POC-CVE-2021-43798 (Grafana-POC任意文件读取漏洞(CVE-2021-43798)) [Github]
  • Grafana-CVE-2021-43798Exp (CVE-2021-43798Exp多线程批量验证脚本) [Github]
  • CVE-2021-43798 (CVE-2021-43798 is a vulnerability marked as High priority (CVSS 7.5) leading to arbitrary file read via installed plugins in Grafana application.) [Github]
• December 9, 2021
  • CVE-2021-43798 () [Github]
• December 8, 2021
  • CVE-2021-43798 (CVE-2021-43798 - Grafana 8.x Path Traversal (Pre-Auth)) [Github]
  • CVE-2021-43798 () [Github]
  • Grafana-CVE-2021-43798 (Grafana File-Read Vuln) [Github]
  • CVE-2021-43798-grafana_fileread (grafana CVE-2021-43798任意文件读取漏洞POC，采用多插件轮训检测的方法，允许指定单URL和从文件中读取URL) [Github]
  • CVE-2021-43798-Grafana-Exp (Grafanav8.*版本任意文件读取漏洞批量检测工具：该漏洞目前为0day漏洞，未授权的攻击者利用该漏洞，能够获取服务器敏感文件。) [Github]
  • CVE-2021-43798 (Grafana Arbitrary File Reading Vulnerability) [Github]
  • CVE-2021-43798-Grafana-File-Read () [Github]
  • CVE-2021-43798 (CVE-2021-43798:Grafana 任意文件读取漏洞) [Github]
  • Grafana-CVE-2021-43798 (Grafana Unauthorized arbitrary file reading vulnerability) [Github]

Vulnerable software:
Grafana
Web applications / Other software

Vendor: Grafana Labs