CVE-2021-43813 : Security Advisory and Response

Learn about CVE-2021-43813, which affects Grafana versions prior to 8.3.2 and 7.5.12 and allows directory traversal for .md files. Discover mitigation steps and necessary updates for enhanced security.

Grafana prior to versions 8.3.2 and 7.5.12 is affected by a directory traversal vulnerability for .md files.

Understanding CVE-2021-43813

Grafana, an open-source monitoring platform, has a vulnerability allowing unauthorized access to .md files.

What is CVE-2021-43813?

The vulnerability in Grafana versions prior to 8.3.2 and 7.5.12 permits directory traversal for .md files, potentially exposing sensitive data.

The Impact of CVE-2021-43813

The impact of this vulnerability is moderate with a CVSS base score of 4.3, affecting confidentiality.

Technical Details of CVE-2021-43813

Grafana's vulnerability specifics and affected systems.

Vulnerability Description

Grafana versions prior to 8.3.2 and 7.5.12 contain a directory traversal flaw for .md files, necessitating immediate patching.

Affected Systems and Versions

        Affected versions: >= 5.0.0 and < 7.5.12, or >= 8.0.0 and < 8.3.2

Exploitation Mechanism

        Available to authenticated users only, and limited to access to .md files

Mitigation and Prevention

Guidance on mitigating the vulnerability and preventing future exploits.

Immediate Steps to Take

        Upgrade to patched versions 8.3.2 or 7.5.12
        Place a reverse proxy in front of Grafana that normalizes the request PATH
        Block access to /api/plugins/.*/markdown/.* for .md files
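
To check whether the route was already requested with non-normalized paths before a proxy rule or upgrade is in place, the following added example (not part of the original advisory or of Grafana's code) scans access-log lines for requests to the plugin markdown route that still contain dot-segments after percent-decoding. The combined log format, the function names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote, urlsplit

# Route named in the advisory's block rule.
ROUTE = re.compile(r"^/api/plugins/.*/markdown/.*")
# Request target inside a combined-format access log line (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines; plugin id and file names are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:10:00:01 +0000] "GET /api/plugins/example-plugin/markdown/README HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Dec/2021:10:00:07 +0000] "GET /api/plugins/example-plugin/markdown/..%2f..%2fnotes.md HTTP/1.1" 200 90',
    '203.0.113.9 - - [10/Dec/2021:10:00:09 +0000] "GET /api/plugins/example-plugin/markdown/%252e%252e/notes.md HTTP/1.1" 404 0',
    '203.0.113.5 - - [10/Dec/2021:10:00:12 +0000] "GET /api/dashboards/home HTTP/1.1" 200 1024',
]


def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded characters are revealed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify(target):
    """Return 'ignore', 'normal' or 'suspicious' for one request target."""
    path = decode_fully(urlsplit(target).path).replace("\\", "/")
    if not ROUTE.match(path):
        return "ignore"
    # A normalizing proxy would collapse these segments before forwarding.
    if any(segment in (".", "..") for segment in path.split("/")):
        return "suspicious"
    return "normal"


def scan(lines):
    """Return (line number, request target) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        found = REQUEST.search(line)
        if found and classify(found.group(1)) == "suspicious":
            hits.append((number, found.group(1)))
    return hits


if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit with a 200 response on an unpatched version is worth reviewing alongside the authenticated session that issued it, since the advisory limits exploitation to authenticated users.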

Long-Term Security Practices

        Regularly update Grafana to the latest versions
        Monitor security advisories and apply patches promptly

Patching and Updates

        Upgrade to Grafana versions 8.3.2 or 7.5.12 to address the vulnerability
