Arch Linux 803 Published by

A grafana security update has been released for Arch Linux.



ASA-202112-11: grafana: directory traversal


Arch Linux Security Advisory ASA-202112-11
=========================================
Severity: High
Date : 2021-12-11
CVE-ID : CVE-2021-43798 CVE-2021-43813 CVE-2021-43815
Package : grafana
Type : directory traversal
Remote : Yes
Link :   https://security.archlinux.org/AVG-2609

Summary
======
The package grafana before version 8.3.1-1 is vulnerable to directory
traversal.

Resolution
=========
Upgrade to 8.3.1-1.

# pacman -Syu "grafana>=8.3.1-1"

The problems have been fixed upstream in version 8.3.1.

Workaround
=========
None.

Description
==========
- CVE-2021-43798 (directory traversal)

Grafana 8 before version 8.3.1 is vulnerable to directory traversal,
allowing access to local files. The vulnerable URL path is
/public/plugins/, where is
the plugin ID for any installed plugin.

- CVE-2021-43813 (directory traversal)

A security issue has been found in Grafana before version 8.3.2 through
which authenticated users could read out fully lowercase or fully
uppercase .md files through directory traversal. The vulnerable URL
path is: /api/plugins/.*/markdown/.* for .md files.

- CVE-2021-43815 (directory traversal)

A security issue has been found in Grafana 8 before version 8.3.2
through which authenticated users could read out arbitrary .csv files
through directory traversal. The vulnerable URL path is: /api/ds/query.

Impact
=====
A remote attacker could access arbitrary local files on the server
through directory traversal.

References
=========
  https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p
  https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/
  https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/
  https://j0vsec.com/post/cve-2021-43798/
  https://github.com/grafana/grafana/commit/00e38ba555cfb120361c9623de3285d70c60172f
  https://github.com/grafana/grafana/security/advisories/GHSA-c3q8-26ph-9g2q
  https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/
  https://github.com/grafana/grafana/commit/06706efbbe59ad9d3075835cc31e2f734e36df95
  https://github.com/grafana/grafana/security/advisories/GHSA-7533-c8qv-jm9m
  https://github.com/grafana/grafana/commit/1d7105c0959df2083814237024f7ec098a76099b
  https://security.archlinux.org/CVE-2021-43798
  https://security.archlinux.org/CVE-2021-43813
  https://security.archlinux.org/CVE-2021-43815