Russian Vulnerability Scanner Database

Back to List

BDU:2023-00493

Scores

EPSS Score

0.0000

CVSS

3.x 7.5

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

All CVSS Scores

CVSS 4.0
0.0
CVSS 3.x
7.5

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0
7.8

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Description

Уязвимость веб-инструмента представления данных Grafana связана с неверным ограничением имени пути к каталогу с ограниченным доступом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, читать произвольные файлы с помощью специально созданного HTTP-запроса

Sources

bdu

Related Vulnerabilities

CVE-2021-43798

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43798
https://www.exploit-db.com/exploits/50581
https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/
https://www.cybersecurity-help.cz/vdb/SB2021120803
https://www.exploit-db.com/exploits/50581
https://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html
https://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html
https://www.openwall.com/lists/oss-security/2021/12/09/2
https://www.openwall.com/lists/oss-security/2021/12/10/4
https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545ce
https://github.com/jas502n/Grafana-CVE-2021-43798
https://www.suse.com/security/cve/CVE-2021-43798.html

Vulnerable Software

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.3

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-LTSS

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.3

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.3

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.3

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.3

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.3

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.4

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.4

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.4

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.4

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.4

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.4

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.4

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 15 SP4

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 15 SP4

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 15 SP4

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 15 SP4

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 15 SP4

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 15 SP4

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 15 SP4

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP3

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP3

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-ESPOS

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP3

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP3

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP3

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP3

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP4

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP4

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP4

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP4

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP4

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP4

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP4

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-LTSS

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-LTSS

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-LTSS

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-LTSS

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-LTSS

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-LTSS

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-LTSS

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP5

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP5

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP5

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP5

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP5

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP5

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP5

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP5

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP5

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP5

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP5

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP5

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP5

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP5

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-ESPOS

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-ESPOS

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-ESPOS

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-ESPOS

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-ESPOS

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-ESPOS

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-ESPOS

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-ESPOS

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-ESPOS

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-ESPOS

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-ESPOS

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-ESPOS

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-ESPOS

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server for sap applications 12 SP3

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise desktop 15 SP4

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise desktop 15 SP4

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise desktop 15 SP4

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise desktop 15 SP4

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise desktop 15 SP4

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise desktop 15 SP4

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise desktop 15 SP4

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-BCL

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-BCL

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-BCL

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-BCL

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-BCL

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-BCL

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP3-BCL

Trait: 
{
  "version_exact": "8.0.0 beta3"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-LTSS

Trait: 
{
  "version_exact": "8.3.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-LTSS

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-LTSS

Trait: 
{
  "version_end_excluding": "8.1.8",
  "version_start_including": "8.1.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-LTSS

Trait: 
{
  "version_end_excluding": "8.2.7",
  "version_start_including": "8.2.0"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-LTSS

Trait: 
{
  "version_exact": "8.0.0 beta1"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: suse linux enterprise server 12 SP4-LTSS

Trait: 
{
  "version_exact": "8.0.0 beta2"
}

Source: bdu

Type: Configuration

Vendor: grafana

Product: grafana

Operating System: opensuse leap 15.3

Trait: 
{
  "version_end_excluding": "8.0.7",
  "version_start_including": "8.0.1"
}

Source: bdu