CVE-2021-43798

Published Dec 7, 2021

Last updated a month ago

Overview

Description
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins/<plugin-id>/`, where `<plugin-id>` is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
Source: security-advisories@github.com
NVD status: Analyzed
Products: grafana

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Known exploits

Data from CISA

Vulnerability name: Grafana Path Traversal Vulnerability
Exploit added on: Oct 9, 2025
Exploit action due: Oct 30, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

security-advisories@github.com: CWE-22

Configurations