CVE-2021-43798
HIGH | CISA KEV | 7.5
Description
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins/<plugin-id>/`, where `<plugin-id>` is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
CVE Details
CVSS v3.1 Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 12/7/2021
Last Modified: 10/24/2025
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Grafana Labs
Product: Grafana
Vulnerability Name: Grafana Path Traversal Vulnerability
KEV Date Added: 2025-10-09
Remediation Due Date: 2025-10-30
Ransomware Use: Unknown
Affected Products
grafana:grafana
Weaknesses (CWE)
CWE-22
References
http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html (security-advisories@github.com)
http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html (security-advisories@github.com)
http://www.openwall.com/lists/oss-security/2021/12/09/2 (security-advisories@github.com)
http://www.openwall.com/lists/oss-security/2021/12/10/4 (security-advisories@github.com)
https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545ce (security-advisories@github.com)
https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p (security-advisories@github.com)
https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/ (security-advisories@github.com)
https://security.netapp.com/advisory/ntap-20211229-0004/ (security-advisories@github.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-43798 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.