Application Details
Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources. A licensed Grafana Enterprise version with additional capabilities is also available as a self-hosted installation or an account on the Grafana Labs cloud service. It is expandable through a plug-in system. End users can create complex monitoring dashboards using interactive query builders. Grafana is divided into a front end and back end, written in TypeScript and Go, respectively.
Vulnerability
Grafana could allow a remote attacker to traverse directories on the system and read files outside the Grafana application’s folder, such as password and configuration files.
Identification
An attacker could send a specially crafted URL request to the /public/plugins/ path containing "dot dot" sequences (/../) to traverse directories. We have identified just one example, but there are multiple vulnerabilities; for the full list, refer to the GitHub reference below.
GET /public/plugins/alertGroups/../../../../../../../../etc/passwd
Detection
By turning this vulnerability into a traffic file and matching rule, we are able to detect attempts to traverse directories in the application.
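The detection idea above, as an added example that is not Idappcom's signature 8022144 or its traffic file: a small Python check that flags HTTP request lines attempting to traverse out of Grafana's /public/plugins/ path. It goes slightly beyond the page by percent-decoding the request target once before looking for a ".." segment; the sample request lines are constructed for this example.

```python
# Added example (not Idappcom's rule or traffic file): flag HTTP request
# lines that try to traverse out of Grafana's /public/plugins/ prefix,
# the pattern described for CVE-2021-43798.
import re
from urllib.parse import unquote

# Sample request lines, constructed for this example.
SAMPLE_REQUESTS = [
    "GET /public/plugins/alertGroups/../../../../../../../../etc/passwd HTTP/1.1",
    "GET /public/plugins/alertGroups/module.js HTTP/1.1",
    # Percent-encoded variant (an assumed form, not taken from the page).
    "GET /public/plugins/graph/..%2f..%2f..%2fetc/passwd HTTP/1.1",
    "GET /api/health HTTP/1.1",
]

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+HTTP/\d\.\d$")
PLUGIN_PREFIX = "/public/plugins/"


def is_plugin_traversal(request_line: str) -> bool:
    """Return True if the request targets /public/plugins/ and, after one
    round of percent-decoding, contains a '..' path segment.
    Double-encoded sequences are deliberately out of scope here."""
    m = REQUEST_LINE.match(request_line.strip())
    if not m:
        return False
    target = m.group("target").split("?", 1)[0]  # drop any query string
    decoded = unquote(target)  # so ..%2f and %2e%2e are also caught
    if not decoded.startswith(PLUGIN_PREFIX):
        return False
    rest = decoded[len(PLUGIN_PREFIX):].replace("\\", "/")
    return ".." in rest.split("/")


def scan(lines):
    """Return the request lines that look like plugin directory traversal."""
    return [ln for ln in lines if is_plugin_traversal(ln)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print("ALERT plugin path traversal:", hit)
```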
Coverage
Idappcom has created signature 8022144 along with a traffic file.
References
CVE-2021-43798
Traffic IQ
If you are concerned that your business may be at risk from this vulnerability or others, why not try out our Traffic IQ software, which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional