Re-exploring CVE-2021-43798 in Grafana

Pre-auth Directory Traversal that reads local files — exploitation, detection, and containment policies

TL;DR

This is a re-exploitation of CVE-2021-43798, which is a pre-auth path traversal on the /public/plugins/<plugin-id>/... endpoint of Grafana 8.x. An attacker can read local files from the server/container (e.g., /etc/grafana/grafana.ini, /var/lib/grafana/grafana.db, /proc/self/environ) using valid plugin IDs — many of which come by default, making exploitation trivial. Affected versions are 8.0.0-beta1 to 8.3.0; the fix was released in 8.0.7 / 8.1.8 / 8.2.7 / 8.3.1. Update immediately. If that is not possible right now, mitigate with WAF/rewrites blocking ../, restrict exposure, and apply NetworkPolicies and Admission Policies to reduce attack surface and impact.

You might think this CVE no longer makes sense, but there are still MANY outdated environments and, at the same time, many attacks targeting them, as shown by greynoise.

Phase 1 — What is the problem with this CVE

Technical summary of the bug

The static file handler for plugins in Grafana 8.x does not properly sanitize the requested path. By accessing GET /public/plugins/<plugin-id>/../../../../<file>, the server returns content outside the plugin directory, allowing unauthenticated local file read. The vector exists for any installed plugin (including built-ins).

Why is this relevant in 2025?
Despite being old, the flaw remained widely exploitable for a long time due to improper exposure and late patching; analyses show recurring exploitation and probing even years after the fix. In environments where Grafana holds credentials for data sources and critical integrations, reading local files turns into initial access when combined with other steps (e.g., decrypting secrets from the grafana.db after obtaining the secret key).

Timeline and fixed builds
The fix was published on December 7, 2021 in versions 8.3.1 / 8.2.7 / 8.1.8 / 8.0.7 and detailed by Grafana Labs itself in subsequent posts.

Phase 2 — What it affects and exploitation scenarios

Affected versions and fix

• Affected: 8.0.0-beta1 → 8.3.0;

• Fixed: 8.0.7, 8.1.8, 8.2.7, 8.3.1.
  (Upgrade to one of these series or higher.)

Prerequisites and attack surface

• No authentication is required;

• A valid plugin-id is sufficient (e.g., alertlist, annolist, barchart, bargauge, candlestick, cloudwatch, dashlist, elasticsearch — all common by default).

Quick PoC (lab)

Warning: for educational purposes in a controlled environment.

# /etc/passwd via plugin built-in
curl -s http://GRAFANA:3000/public/plugins/alertlist/../../../../../../etc/passwd

# URL-encoded (usually bypasses some silly filters)
curl -s "http://GRAFANA:3000/public/plugins/alertlist/..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"

# Sensitive files inside the Grafana container/VM
curl -s http://GRAFANA:3000/public/plugins/alertlist/../../../../../../etc/grafana/grafana.ini
curl -s http://GRAFANA:3000/public/plugins/alertlist/../../../../../../var/lib/grafana/grafana.db
curl -s

References of public modules/PoCs (for understanding the vector): Exploit-DB and Metasploit module.

“And what after I read the grafana.db?”

Grafana stores encrypted data sources credentials. The current model uses DEKs (data keys) kept in the database and protected by a KEK (Key Encryption Key) defined by secret_key (config or KMS). If an attacker reads the database (grafana.db) and the secret_key, it is possible to decrypt secrets depending on the configuration/version (e.g., when the local secret_key protects the DEKs). In misconfigured setups (without KMS) this can expose passwords/tokens from data sources.

Practical scenarios in Kubernetes

1. Grafana exposed (LoadBalancer/Ingress) without IP filtering and without WAF: reading grafana.ini + grafana.db ⇒ credential extraction and lateral movement to databases/observability;

2. Grafana in-cluster but accessible from compromised Pods: local reading and exfiltration via open egress;

3. Sensitive variables in environment: reading /proc/self/environ can reveal GF_SECURITY_ADMIN_PASSWORD, API keys, cloud tokens.

Phase 3 — How to fix (priorities and policies)

1) Upgrade now

Rollout to a version 8.0.7 / 8.1.8 / 8.2.7 / 8.3.1 (or higher).

Recommendation: Upgrade to at least the versions above and perform a controlled rollout. Subscribe to the Grafana image without CVEs at quor.dev.

2) Immediate Hardening (if you cannot upgrade today)

Blocking path traversal at the edge (Nginx):

location ~* ^/public/plugins/.*/(\.\.|%2e%2e)/ {
  return 403;
}
# Extra protection against "dot-dot" segments even without slash
if ($request_uri ~* "/public/plugins/.*\.\.") { return

Apache (mod_rewrite):

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/public/plugins/ [NC]
RewriteCond %{THE_REQUEST} \.\. [OR]
RewriteCond %{REQUEST_URI} \.\. [OR]
RewriteCond %{QUERY_STRING} \.\.
RewriteRule ^ - [F]

Grafana “behind” CDN/WAF: create a rule to deny ../ and %2f.. specifically under /public/plugins/.

3) NetworkPolicies (Kubernetes)

Reduce the ingress and egress surfaces of the Grafana Pod:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: grafana-minimal
  namespace: observability
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: grafana
  policyTypes: [Ingress, Egress]
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: platform
    ports:
    - protocol: TCP
      port: 3000
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          name: monitoring
    ports:
    - protocol: TCP
      port: 9090   # e.g.: Prometheus
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - protocol: TCP
      port: 443    # only strictly necessary

Note: the CVE reads local files; NetworkPolicy does not prevent reading, but reduces exfiltration.

4) Admission Policies (CEL) for workload hygiene

Block privileged Pods and require digest on images (reduces the risk of vulnerable rollbacks and lateral movement after initial access via Grafana):

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: baseline-security
spec:
  matchConstraints:
    resourceRules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE","UPDATE"]
        resources: ["pods"]
  validations:
    - expression: "object.spec.containers.all(c, c.image.matches('.*@sha256:.*'))"
      message: "Image must be pinned by digest"
    - expression: "has(object.spec.securityContext) && object.spec.securityContext.runAsNonRoot == true"
      message: "Pods must run as non-root"
    - expression: |
        object.spec.containers.all(c,
          has(c.securityContext) &&
          c.securityContext.privileged != true &&
          c.securityContext.allowPrivilegeEscalation != true)
      message: "No privileged and no allowPrivilegeEscalation"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: baseline-security-binding
spec:
  policyName: baseline-security
  validationActions: ["Deny"

5) Grafana secrets and encryption

• Rotate secret_key and re-protect DEKs;

• Consider KMS (e.g., Azure Key Vault) for the KEK, removing the static secret from the filesystem;

• Minimize the value of grafana.db at rest (credentials via lower-privilege, scoped, and short-lived service accounts).

Detection and response

Indicators in logs (Nginx/Ingress/LB)

• Patterns in URI/args: ../, %2e%2e, %2f.. under /public/plugins/<plugin-id>/;

• Anomalous access to /etc/, /proc/, /var/lib/grafana/ via this endpoint.

Loki queries (examples):

{app="nginx", namespace="edge"} |= "/public/plugins/" |~ "\\.\\.|%2e%2e"
{app="ingress-nginx"} |= "/public/plugins/" |~ "%2f..|/\\.\\."

Specific threat hunting

• Reading of grafana.ini followed by grafana.db from the same IP/ASN;

• Scanning patterns for common plugin-ids (alertlist, annolist, etc.).

Summary Risk Matrix

Checklist for your team

• Inventory versions of Grafana and upgrade to 8.0.7/8.1.8/8.2.7/8.3.1 or higher;

• Block ../ in /public/plugins/ on Nginx/Ingress/CDN;

• Restrict exposure (allowed IPs, mTLS when possible);

• Apply NetworkPolicies and base Admission Policies;

• Rotate secret_key and evaluate KMS for Grafana data;

• Alerts in Loki for traversal patterns;

• Assessment of installed plugins (remove what is not needed) and review of data sources credentials.

References

• Advisory/corrected product lines by Grafana (Dec/2021). (Grafana Labs)

• Official technical details and timeline of the 0-day. (Grafana Labs)

• Affects 8.0.0-beta1 → 8.3.0; vector /public/plugins/<plugin-id>/.... (GitHub)

• List of default plugin-ids useful for proofs of concept. (SonicWall)

• Exploit-DB / Metasploit scanner for studying the vector. (exploit-db.com)

• Secrets encryption in Grafana (DEKs/KEK secret_key) and KMS usage. (Grafana Labs)

• Exploitation analysis and context of use as initial access. (SonicWall)

Want to understand how to build a container ecosystem without CVEs? Discover at quor.dev