Grafana releases patch for zero-day directory traversal vulnerability
Visualization service Grafana has released a patch for a zero-day vulnerability that allowed attackers to read local files. Proofs-of-concept are circulating on GitHub, among other places.
The vulnerability affects only newer versions of Grafana: every release from v8.0.0-beta1 through v8.3.0 is vulnerable, older versions are not. Grafana has released a fix for each affected minor line: versions 8.3.1, 8.2.7, 8.1.8 and 8.0.7.
According to the developers, the bug is in the Grafana software itself and not in Grafana Cloud. The vulnerability is tracked as CVE-2021-43798. It is a directory traversal bug in the URL path under which Grafana serves plugin files, /public/plugins/, which maps onto the directory where plugins are installed. From that path it is possible to climb into other directories on the system and read files the Grafana process has access to, such as /etc/passwd. The vulnerability has a CVSS score of 7.5 and is rated High.
Grafana writes that a security researcher reported the vulnerability to the company on December 3. On December 7 the company released the patch after details of the vulnerability had appeared online. GitHub, among other sites, hosts not only details about the bug but also proofs-of-concept showing how it can be exploited.
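As an added illustration, not code from the article or from Grafana, the following Go program models the two halves of the problem described above: a plugin-asset handler that joins a client-supplied remainder onto the plugin directory and can be walked out of it, beside a containment check that rejects the escape, and the same check run over constructed access-log lines to flag exploitation attempts of the kind the circulating proofs-of-concept make. Only the route prefix /public/plugins/ comes from the article; the plugin directory, the plugin ids, the helper names and the log lines are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// Route prefix from the advisory; everything after it is client-controlled.
const pluginRoutePrefix = "/public/plugins/"

// ErrOutsidePluginDir is returned when a resolved path leaves the plugin directory.
var ErrOutsidePluginDir = errors.New("requested path escapes the plugin directory")

// parsePluginRequest models the server-side view of GET /public/plugins/<id>/<file>:
// percent-decode once, as an HTTP router does, strip the route prefix and split off
// the plugin id. It does not normalise "..", which is what leaves a naive handler
// exposed; whether a given router rewrites "/a/../b" before dispatch varies.
func parsePluginRequest(rawPath string) (pluginID, file string, err error) {
	decoded, err := url.PathUnescape(rawPath)
	if err != nil {
		return "", "", err
	}
	if !strings.HasPrefix(decoded, pluginRoutePrefix) {
		return "", "", errors.New("not a plugin asset route")
	}
	parts := strings.SplitN(strings.TrimPrefix(decoded, pluginRoutePrefix), "/", 2)
	if len(parts) != 2 || parts[0] == "" {
		return "", "", errors.New("malformed plugin asset path")
	}
	return parts[0], parts[1], nil
}

// resolveNaive is the classic mistake: join the client-controlled remainder onto the
// plugin directory and serve whatever that resolves to. filepath.Join cleans the
// result, so enough "../" segments walk out to any file the process can read.
func resolveNaive(pluginDir, file string) string {
	return filepath.Join(pluginDir, file)
}

// resolveSafe joins the same way, then proves the result is still under pluginDir by
// taking the path relative to the root and rejecting anything starting with "..".
// A plain string-prefix check is not enough ("/p/foo" is a prefix of "/p/foobar").
// The check is lexical: if plugin trees may contain symlinks, EvalSymlinks the result
// and run the same check again on the real path.
func resolveSafe(pluginDir, file string) (string, error) {
	root := filepath.Clean(pluginDir)
	full := filepath.Join(root, file)
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsidePluginDir
	}
	return full, nil
}

// traversalAttempts runs the containment check over access-log lines of the form
// "METHOD PATH STATUS" and returns every request path that tried to escape a plugin
// directory. Failed attempts (404) are reported too: they still indicate scanning.
func traversalAttempts(logLines []string) []string {
	var hits []string
	for _, line := range logLines {
		fields := strings.Fields(line)
		if len(fields) < 2 {
			continue
		}
		_, file, err := parsePluginRequest(fields[1])
		if err != nil {
			continue // not a plugin asset request
		}
		// Any fixed root works here; only the relation of file to the root matters.
		if _, err := resolveSafe("/plugins/any", file); errors.Is(err, ErrOutsidePluginDir) {
			hits = append(hits, fields[1])
		}
	}
	return hits
}

// sampleLog is constructed for this example; it is not real Grafana output.
var sampleLog = []string{
	"GET /public/plugins/welcome/img/logo.svg 200",
	"GET /public/plugins/welcome/..%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd 200",
	"GET /public/plugins/graph/../../../../../../var/lib/grafana/grafana.db 404",
	"GET /api/health 200",
}

func main() {
	const pluginDir = "/var/lib/grafana/plugins/welcome" // assumed install path
	req := "/public/plugins/welcome/..%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd"
	_, file, err := parsePluginRequest(req)
	if err != nil {
		panic(err)
	}
	fmt.Println("naive resolves to:", resolveNaive(pluginDir, file))
	if _, err := resolveSafe(pluginDir, file); err != nil {
		fmt.Println("hardened handler:", err)
	}
	fmt.Println("log hits:", traversalAttempts(sampleLog))
}
```

The six "../" segments in the constructed request are more than the five needed to reach / from the assumed plugin directory; filepath.Join silently drops the surplus, so over-traversal costs an attacker nothing and a detection rule should not assume an exact depth. The detection helper flags the raw, still-encoded request path so that the alert preserves what the client actually sent.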