QID 730294
Date Published: 2021-12-08
QID 730294: Grafana Path Traversal Vulnerability
Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources.
Grafana is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is grafana_host_url/public/plugins/"plugin-id", where "plugin-id" is the plugin ID of any installed plugin.
Affected Versions:
Grafana versions from v8.0.0-beta1 through v8.3.0
QID Detection Logic (Unauthenticated):
This QID checks for a vulnerable installation of Grafana Enterprise by sending a path traversal payload to the Grafana server and attempting to read the /etc/passwd file on Linux systems, and the system.ini and /etc/hosts files on Windows systems.
Successful exploitation of the vulnerability may allow attackers to view sensitive files on the remote server, including the Grafana database file or the passwd file on Linux systems.
Solution
Customers are advised to update to Grafana version 8.3.1, 8.2.7, 8.1.8, 8.0.7 or later. For more information, please refer to the vendor advisory referenced below.
Workaround:
If you cannot upgrade, running a reverse proxy in front of Grafana that normalizes the path of the request will mitigate the vulnerability. For example, the normalize_path setting in Envoy.
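The workaround above relies on the proxy resolving "." and ".." segments before Grafana's static file handler sees the path. The following is an added example of that mitigation, written for this page rather than taken from Grafana or Envoy: a minimal Go reverse proxy that percent-decodes and cleans the request path, logs any request whose path changed under normalization (a useful detection signal), and forwards only the cleaned path. The upstream address and listen port are assumptions.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"path"
	"strings"
)

// normalizePath percent-decodes the request path and collapses "." and ".."
// segments and repeated slashes, as a path-normalizing proxy does before
// forwarding; changed reports whether that altered the decoded path.
func normalizePath(rawPath string) (cleaned string, changed bool, err error) {
	decoded, err := url.PathUnescape(rawPath)
	if err != nil {
		return "", false, err
	}
	// Backslashes and NUL bytes never belong in a plugin asset path; fold them
	// so "..\" cannot survive into the upstream request.
	folded := strings.ReplaceAll(strings.ReplaceAll(decoded, "\\", "/"), "\x00", "")
	cleaned = path.Clean("/" + folded)
	return cleaned, cleaned != decoded, nil
}

// newNormalizingProxy fronts the Grafana upstream (address is an assumption)
// and forwards only the normalized path, so a traversal aimed at
// /public/plugins/<plugin-id>/ is resolved before Grafana's file handler sees it.
func newNormalizingProxy(upstream *url.URL) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		cleaned, changed, err := normalizePath(r.URL.EscapedPath())
		if err != nil {
			http.Error(w, "bad request path", http.StatusBadRequest)
			return
		}
		if changed {
			log.Printf("normalized %q -> %q from %s", r.URL.EscapedPath(), cleaned, r.RemoteAddr)
		}
		r.URL.Path = cleaned
		r.URL.RawPath = "" // let the proxy re-encode from the cleaned path
		proxy.ServeHTTP(w, r)
	})
}

func main() {
	upstream, _ := url.Parse("http://127.0.0.1:3000") // assumed Grafana listen address
	log.Fatal(http.ListenAndServe(":8080", newNormalizingProxy(upstream)))
}
```

A production proxy such as Envoy with normalize_path enabled applies RFC 3986 normalization rather than full percent-decoding; this example is deliberately stricter so that encoded dot segments are also resolved.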
Vendor References
- Grafana Security Advisory - grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/
CVEs related to QID 730294
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| NA | | | |