CrowdSec Score: 5/10

Grafana - Path Traversal (CVE-2021-43798)

Published on 07-12-2021
First seen on 09-12-2021

8523 exploiting IPs reported

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is `<grafana_host_url>/public/plugins//`, where the segment following `/public/plugins/` is the plugin ID of any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

CrowdSec analysis

CVE-2021-43798 is a directory traversal vulnerability in Grafana that enables attackers to gain unauthorized access to local files by exploiting crafted plugin URL paths.

CrowdSec has been tracking this vulnerability and its exploits since 9 December 2021.

CrowdSec network data shows that most actors exploiting CVE-2021-43798 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. CrowdSec data also reveals a clear uptick in attacks involving CVE-2021-43798 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.

Attackers typically probe for URL patterns containing `/public/plugins/` to exploit this weakness.
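As an added illustration of how a defender can turn that URL pattern into a detection (example code written for this page, not CrowdSec's own parser or scenario), the script below scans constructed web-server access-log lines for requests under `/public/plugins/` whose path climbs above the plugin's own directory. It percent-decodes the path twice before checking, so encoded or double-encoded `..` sequences are not missed; the sample lines and IPs are constructed, not real CrowdSec data.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real data): one benign plugin asset
# request, two traversal attempts (one percent-encoded), one unrelated request.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Dec/2021:10:00:01 +0000] "GET /public/plugins/alertlist/img/icn-singlestat-panel.svg HTTP/1.1" 200 1432
203.0.113.11 - - [09/Dec/2021:10:00:02 +0000] "GET /public/plugins/alertlist/../../../../../../etc/passwd HTTP/1.1" 200 2891
203.0.113.12 - - [09/Dec/2021:10:00:03 +0000] "GET /public/plugins/welcome/..%2F..%2F..%2F..%2Fetc%2Fhosts HTTP/1.1" 200 410
203.0.113.13 - - [09/Dec/2021:10:00:04 +0000] "GET /api/health HTTP/1.1" 200 55
"""

# Common Log Format: ip ident user [timestamp] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)
PLUGIN_PREFIX = "/public/plugins/"


def escapes_plugin_dir(path: str) -> bool:
    """True if a /public/plugins/<id>/... request climbs above the plugin's directory.

    The query string is dropped and the path is percent-decoded twice so that
    encoded (%2e%2e, %2F) and double-encoded (%252e) sequences are normalised
    before the segment walk; the walk itself tracks depth relative to <id>/.
    """
    decoded = unquote(unquote(path.split("?", 1)[0]))
    if not decoded.startswith(PLUGIN_PREFIX):
        return False
    segments = decoded[len(PLUGIN_PREFIX):].split("/")
    if len(segments) < 2 or not segments[0]:
        return False  # no plugin id or no file part: nothing to traverse
    depth = 0
    for seg in segments[1:]:
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True  # left the plugin directory
        elif seg not in ("", "."):
            depth += 1
    return False


def find_traversal_attempts(log_text: str) -> list[dict]:
    """Return one record per log line that matches the traversal pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and escapes_plugin_dir(m["path"]):
            hits.append({"ip": m["ip"], "path": m["path"], "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for h in find_traversal_attempts(SAMPLE_LOG):
        print(f"{h['ip']} -> {h['path']} (HTTP {h['status']})")
```

A 200 status on a flagged line is the strongest signal, since a patched Grafana returns an error for the same request; 4xx hits still identify scanning sources worth feeding into a blocklist.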


Blocklist

With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.

To increase your protection against this CVE, block exploitation attempts with this list of identified actors.