CVE-2021-43798
published 2021-12-07CVE-2021-43798: Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to…
PriorityP188high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
KEVITWEXPLOITInitial access
CISA Known Exploited Vulnerabilitydue 2025-10-30
Exploited in the wild
EPSS
88.85%
99.8th percentile
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | grafana_grafana | >= 8.0.0-beta1 < 8.0.7 | 8.0.7 |
| github.com | grafana_grafana | >= 8.0.0-beta3 < 8.3.2 | 8.3.2 |
| github.com | grafana_grafana | >= 8.1.0 < 8.1.8 | 8.1.8 |
| github.com | grafana_grafana | >= 8.2.0 < 8.2.7 | 8.2.7 |
| github.com | grafana_grafana | >= 8.3.0 < 8.3.1 | 8.3.1 |
| grafana | grafana | — | — |
| grafana | grafana | — | — |
| grafana | grafana | — | — |
| grafana | grafana | — | — |
| grafana | grafana | — | — |
| grafana | grafana | — | — |
| grafana | grafana | >= 8.0.1 < 8.0.7 | 8.0.7 |
| grafana | grafana | >= 8.1.0 < 8.1.8 | 8.1.8 |
| grafana | grafana | >= 8.2.0 < 8.2.7 | 8.2.7 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect path traversal exploitation attempts by monitoring HTTP requests matching the pattern /public/plugins/<plugin_id>/..%2f (URL-encoded traversal sequences) in Grafana access logs. ↗
- →Check for xmrig process execution (CPU at 98%+) originating from hidden directories such as /usr/share/.logstxt/ as a post-exploitation indicator following CVE-2021-43798 exploitation. ↗
- →Alert on SSH authentication successes by the 'grafana' OS user from external IPs not matching known-good organizational IP ranges, as attackers leverage credentials obtained via the path traversal to log in. ↗
- →Monitor for modification of cron-executed scripts (e.g., /opt/automation/updater.sh) by non-root users as a privilege escalation indicator following initial Grafana compromise. ↗
- →Check logs for evidence of traversal requests that may have returned sensitive files such as grafana.db or grafana.ini, which contain plaintext or recoverable credentials. ↗
- ·The vulnerable URL path requires an installed plugin ID; exploitation is only possible if at least one plugin is installed. The plugin name (e.g., 'alertlist', 'opentsdb') must be valid for the traversal to succeed. ↗
- ·Grafana Cloud was never vulnerable; only self-hosted Grafana instances running versions 8.0.0-beta1 through 8.3.0 (excluding patched builds 8.0.7, 8.1.8, 8.2.7, 8.3.1) are affected. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
ghsa7.5HIGH
osv7.5HIGH
vulncheck7.5HIGH
cisa7.5HIGH
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Grafana Path Traversal Vulnerability
cisa·2025-10-09·CVSS 7.5
CVE-2021-43798 [HIGH] CWE-22 Grafana Path Traversal Vulnerability
Vulnerability: Grafana Path Traversal Vulnerability
Affected: Grafana Labs Grafana
Grafana contains a path traversal vulnerability that could allow access to local files.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-43798
Remediation Due Date: 2025-10-30
Red Hat
grafana: path traversal vulnerability
vendor_redhat·2021-12-07·CVSS 7.5
CVE-2021-43798 [HIGH] CWE-22 grafana: path traversal vulnerability
grafana: path traversal vulnerability
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
A directory path traversal vulnerability was found in Grafana. This flaw allows an attacker to obtain read access to the local files due to a lack of path normalization in the /public/plugins// URL.
GHSA
Grafana directory traversal for .cvs files
ghsa·2024-05-14·CVSS 7.5
CVE-2021-43815 [HIGH] CWE-22 Grafana directory traversal for .cvs files
Grafana directory traversal for .cvs files
Today we are releasing Grafana `8.3.2` and `7.5.12`. This patch release includes a moderate severity security fix for directory traversal for arbitrary `.csv` files. It only affects instances that have the developer testing tool called [TestData DB data source](https://grafana.com/docs/grafana/latest/datasources/testdata/) enabled and configured.
The vulnerability is limited in scope, and only allows access to files with the extension `.csv` to **authenticated users only.**
This is a follow-up patch release to our recent [CVE-2021-43798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43798) release. If you haven’t read about that high severity security fix, we recommend that you review the [initial blog post](https://grafana.com/blog/2
OSV
Grafana directory traversal for .cvs files
osv·2024-05-14·CVSS 7.5
CVE-2021-43815 [HIGH] Grafana directory traversal for .cvs files
Grafana directory traversal for .cvs files
Today we are releasing Grafana `8.3.2` and `7.5.12`. This patch release includes a moderate severity security fix for directory traversal for arbitrary `.csv` files. It only affects instances that have the developer testing tool called [TestData DB data source](https://grafana.com/docs/grafana/latest/datasources/testdata/) enabled and configured.
The vulnerability is limited in scope, and only allows access to files with the extension `.csv` to **authenticated users only.**
This is a follow-up patch release to our recent [CVE-2021-43798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43798) release. If you haven’t read about that high severity security fix, we recommend that you review the [initial blog post](https://grafana.com/blog/2
OSV
Grafana path traversal
osv·2024-02-01·CVSS 7.5
CVE-2021-43798 [HIGH] Grafana path traversal
Grafana path traversal
Today we are releasing Grafana 8.3.1, 8.2.7, 8.1.8, 8.0.7. This patch release includes a high severity security fix that affects Grafana versions from v8.0.0-beta1 through v8.3.0.
Release v8.3.1, only containing a security fix:
- [Download Grafana 8.3.1](https://grafana.com/grafana/download/8.3.1)
- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-3-1/)
Release v8.2.7, only containing a security fix:
- [Download Grafana 8.2.7](https://grafana.com/grafana/download/8.2.7)
- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-2-7/)
Release v8.1.8, only containing a security fix:
- [Download Grafana 8.1.8](https://grafana.com/grafana/download/8.1.8)
- [Release notes](https://grafana.com/docs/gr
GHSA
Grafana path traversal
ghsa·2024-02-01·CVSS 7.5
CVE-2021-43798 [HIGH] CWE-22 Grafana path traversal
Grafana path traversal
Today we are releasing Grafana 8.3.1, 8.2.7, 8.1.8, 8.0.7. This patch release includes a high severity security fix that affects Grafana versions from v8.0.0-beta1 through v8.3.0.
Release v8.3.1, only containing a security fix:
- [Download Grafana 8.3.1](https://grafana.com/grafana/download/8.3.1)
- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-3-1/)
Release v8.2.7, only containing a security fix:
- [Download Grafana 8.2.7](https://grafana.com/grafana/download/8.2.7)
- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-2-7/)
Release v8.1.8, only containing a security fix:
- [Download Grafana 8.1.8](https://grafana.com/grafana/download/8.1.8)
- [Release notes](https://grafana.com/docs/gr
OSV
CVE-2021-43798: Grafana is an open-source platform for monitoring and observability
osv·2021-12-07·CVSS 7.5
CVE-2021-43798 [HIGH] CVE-2021-43798: Grafana is an open-source platform for monitoring and observability
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
VulnCheck
Grafana Path Traversal Vulnerability
vulncheck·2021·CVSS 7.5
CVE-2021-43798 [HIGH] CWE-22 Grafana Path Traversal Vulnerability
Grafana Path Traversal Vulnerability
Grafana contains a path traversal vulnerability that could allow access to local files.
Affected: Grafana Labs Grafana
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-02&host_type=src&vulnerability=cve-2021-43798; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-24&host_type=src&vulnerability=cve-2021-43798; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2021-43798; https://dashboard.shadowserver.or
Suricata
ET EXPLOIT Grafana 8.x Path Traversal (CVE-2021-43798)
suricata·2021-12-07·CVSS 7.5
CVE-2021-43798 [HIGH] ET EXPLOIT Grafana 8.x Path Traversal (CVE-2021-43798)
ET EXPLOIT Grafana 8.x Path Traversal (CVE-2021-43798)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Grafana 8.x Path Traversal (CVE-2021-43798)"; flow:established,to_server; http.method; content:"GET"; http.uri.raw; content:"/public/plugins/"; fast_pattern; content:"|2f 2e 2e 2f|"; within:40; reference:url,github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p; classtype:attempted-admin; sid:2034629; rev:3; metadata:created_at 2021_12_07, cve CVE_2021_43798, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:d
Exploit-DB
Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
exploitdb·2021-12-09·CVSS 7.5
CVE-2021-43798 [HIGH] Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
---
# Exploit Title: Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
# Date: 08/12/2021
# Exploit Author: s1gh
# Vendor Homepage: https://grafana.com/
# Vulnerability Details: https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p
# Version: V8.0.0-beta1 through V8.3.0
# Description: Grafana versions 8.0.0-beta1 through 8.3.0 is vulnerable to directory traversal, allowing access to local files.
# CVE: CVE-2021-43798
# Tested on: Debian 10
# References: https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p47p
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import requests
import argparse
import sys
from random import choice
plugin_list = [
"alertlist",
"annolist",
"barchart",
Metasploit
Grafana Plugin Path Traversal
metasploit
Grafana Plugin Path Traversal
Grafana Plugin Path Traversal
Grafana versions 8.0.0-beta1 through 8.3.0 prior to 8.0.7, 8.1.8, 8.2.7, or 8.3.1 are vulnerable to directory traversal through the plugin URL. A valid plugin ID is required, but many are installed by default.
Nuclei
Grafana v8.x - Arbitrary File Read
nuclei·CVSS 7.5
CVE-2021-43798 [HIGH] Grafana v8.x - Arbitrary File Read
Grafana v8.x - Arbitrary File Read
Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin.
Template:
id: CVE-2021-43798
info:
name: Grafana v8.x - Arbitrary File Read
author: z0ne,dhiyaneshDk,j4vaovo
severity: high
description: Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin.
impact: |
An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation.
remediation: Upgrade to
arXiv
Cybersecurity AI Benchmark (CAIBench): A Meta-Benchmark for Evaluating Cybersecurity AI Agents
arxiv_fulltext·2025-10-28
Cybersecurity AI Benchmark (CAIBench): A Meta-Benchmark for Evaluating Cybersecurity AI Agents
-1em
## Abstract
Cybersecurity spans multiple interconnected domains, complicating the development of meaningful, labor-relevant benchmarks. Existing benchmarks assess isolated skills rather than integrated performance. We find that pre-trained knowledge of cybersecurity in LLMs does not imply attack and defense abilities, revealing a gap between knowledge and capability. To address this limitation, we present the Cybersecurity AI Benchmark (CAIBench), a modular meta-benchmark framework that allows evaluating LLM models and agents across offensive and defensive cybersecurity domains, taking a step towards meaningfully measuring their labor-relevance. CAIBench integrates five evaluation categories, covering over 10,000 instances: Jeopardy-style CTFs, Attack and Defense CTFs, Cyber Range e
CTF
Tearys / README
ctf_writeups·2022
Tearys / README
# Challenge Name: Tearys
## Description
Get The highest privilege on the machine and find the flag!
Target IP: 18.156.136.169
## Notes
I wasn't able to solve the machine i just listed some notes here
I started by running a nmap scan
```bash
nmap -sC -sV 18.156.136.169 130 ⨯ 2 ⚙
Starting Nmap 7.91 ( https://nmap.org ) at 2022-03-19 03:37 UTC
Nmap scan report for ec2-18-156-136-169.eu-central-1.compute.amazonaws.com (18.156.136.169)
Host is up (0.11s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 3f:37:a7:cb:4d:fa:8c:a7:53:e6:e7:f4:76:43:3d:c1 (RSA)
| 256 af:78:ae:60:77:25:44:23:6e:a9:2f:8e:a5:19:f5:62 (ECDSA)
|_ 256 07:8c:df:7c:a0:88:a4:28:c2:06:90:62:92:7f:e8:8f
CTF
medium / README
ctf_writeups·CVSS 9.1
[CRITICAL] medium / README
---
layout: default
title: Medium Machines
parent: Machines
nav_order: 2
description: "112+ Medium HTB machine writeups with walkthroughs"
permalink: /machines/medium/
---
# HackTheBox - Medium Machines
> Comprehensive index of retired HTB Medium-difficulty machines with key techniques and attack path summaries.
**Total: 100+ machines** | Sorted roughly by retirement date (newest first)
---
## Machine Index
| # | Machine | OS | Key Techniques | Attack Path Summary | Writeup |
|---|---------|-----|----------------|---------------------|---------|
| 1 | Signed | Linux | Code Signing Bypass, Certificate Abuse | Forge code signature to deploy malicious update, escalate via trusted binary execution | [0xdf](https://0xdf.gitlab.io/2026/02/07/htb-signed.html) |
| 2 | Voleur | Linux | Data E
CTF
Ambassador / README
ctf_writeups·CVSS 7.5
CVE-2021-43798 [HIGH] Ambassador / README
# Ambassador - HackTheBox - Writeup
Linux, 30 Base Points, Medium
## Machine
## TL;DR
To solve this machine, we start by using `nmap` to enumerate open services and find ports `22` and `80`, `3000`, and `3306`.
***User***: Exploiting a vulnerability (`CVE-2021-43798`) in the `Grafana` software, we were able to obtain the database and admin web credentials. Using these credentials, we were able to access the `MySQL` database and retrieve the `developer` user's credentials.
***Root***: By discovering the `whackywidget` application directory on the `/opt/my-app/` path, rolling back to a previous Git commit to obtain the `consul` token, and utilizing the `consul_service_exec` module in `Metasploit`, we were able to achieve remote code execution with root privileges.
## Ambassador So
CTF
Ore / README
ctf_writeups·CVSS 7.5
[HIGH] Ore / README
# Ore
> Write-up author: jon-brandy
## Lessons Learned:
- Reviewing Grafana and Catscale Output artifacts.
- Analyzing xmrig process.
- Hunting the Threat Actor's IPs by reviewing UNIX auth log, Web server log, and UNIX sysmon log (syslog).
- Using shodan for threat intelligence (identifying the mining pool of the miner binary).
- Using crontab.guru to identify how often the cronjob executed.
## SCENARIO:
One of our technical partners are currently managing our AWS infrastructure. We requested the deployment of some technology into the cloud. The solution proposed was an EC2 instance hosting the Grafana application. Not too long after the EC2 was deployed the CPU usage ended up sitting at a continuous 98%+ for a process named "xmrig". Important Information Our organisation's office publ
CTF
Ambassador / README
ctf_writeups·CVSS 7.5
[HIGH] Ambassador / README
# Ambassador
> Write-up author: jon-brandy
## DESCRIPTION:
- NONE
## HINT:
- NONE
## STEPS:
1. First, scan all open ports and it's services from the host given.
> RESULT
2. Based from the output we know that the machine is running a web application, hence let's open it.
> RESULT
3. Remember there's port `3000` with `ppp?` as it's service.
4. Based from it's info, it opens a login page.
> RESULT
5. I did a small outsource about grafana and found CVE about [grafana exploit](https://github.com/pedrohavay/exploit-grafana-CVE-2021-43798).
6. Let's use the script from the github documentation.
> RESULT
Bleepingcomputer
Massive surge in scans targeting Palo Alto Networks login portals
blogs_bleepingcomputer·2025-10-04
Massive surge in scans targeting Palo Alto Networks login portals
## Massive surge in scans targeting Palo Alto Networks login portals
## Bill Toulas
A spike in suspicious scans targeting Palo Alto Networks login portals indicates clear reconnaissance efforts from suspicious IP addresses, researchers warn.
Cybersecurity intelligence company GreyNoise reports a 500% increase in IP addresses focused on Palo Alto Networks GlobalProtect and PAN-OS profiles.
The activity culminated on October 3 with more than 1,285 unique IPs engaged in the activity. Typically, daily scans do not exceed 200 addresses, the company says.
Most of the observed IPs were geolocated in the U.S., while smaller clusters were based in the U.K., the Netherlands, Canada, and Russia.
One activity cluster concentrated its traffic on targets in the United States and another one focuse
Greynoiseio
Coordinated Grafana Exploitation Attempts on 28 September
blogs_greynoiseio·2025-10-02·CVSS 7.5
[HIGH] Coordinated Grafana Exploitation Attempts on 28 September
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
Greynoiseio
Malicious Tag Roundup (January 2022)
blogs_greynoiseio
Malicious Tag Roundup (January 2022)
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
Recorded Future
2025 Cloud Threat Hunting and Defense Landscape
blogs_recorded_future
2025 Cloud Threat Hunting and Defense Landscape
# 2025 Cloud Threat Hunting and Defense Landscape
## Executive Summary
Insikt Group has observed continued trends of growth and increased activity of threat actors leveraging and exploiting cloud infrastructure to broaden the number of victims they target and infect. Recent reporting across the observed incidents shows that cloud-focused threats are converging on a few consistent patterns, which serve as the main sections of this report:
- Exploitation and Misconfiguration
- Cloud Abuse
- Cloud Ransomware
- Credential Abuse, Account Takeover, and Unauthorized Access
- Third-Party Compromise
Across cases, initial access frequently comes from vulnerable or misconfigured services exposed to the internet — including application delivery controllers, monitoring dashboards, email security ga
Recorded Future
October 2025 CVE Landscape
blogs_recorded_future·CVSS 9.8
[CRITICAL] October 2025 CVE Landscape
# October 2025 CVE Landscape: 32 High-Impact Vulnerabilities Demand Immediate Attention
October 2025 saw a significant escalation in vulnerability activity, with Recorded Future's Insikt Group® identifying 32 high-impact vulnerabilities, double the 16 identified in September's CVE report. Twenty-six of these vulnerabilities scored as Very Critical.
What security teams need to know:
- Microsoft dominates: Eight of 32 vulnerabilities affect Microsoft products, including a critical WSUS deserialization flaw (CVE-2025-59287) now being actively exploited
- CL0P ransomware group exploited an Oracle E-Business Suite zero-day (CVE-2025-61882) for data theft and extortion campaigns
- Legacy vulnerabilities persist: Five of the 14 RCE-enabling vulnerabilities are over a decade old, highlighting c
http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.htmlhttp://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.htmlhttp://www.openwall.com/lists/oss-security/2021/12/09/2http://www.openwall.com/lists/oss-security/2021/12/10/4https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545cehttps://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47phttps://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/https://security.netapp.com/advisory/ntap-20211229-0004/http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.htmlhttp://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.htmlhttp://www.openwall.com/lists/oss-security/2021/12/09/2http://www.openwall.com/lists/oss-security/2021/12/10/4https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545cehttps://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47phttps://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/https://security.netapp.com/advisory/ntap-20211229-0004/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-43798
2021-12-07
Published
2025-10-09
Added to CISA KEV
Exploited in the wild