Grafana releases security patch after exploit for severe bug goes public

Grafana Labs has released an emergency security update today to patch a critical vulnerability after security researchers released proof-of-concept code to exploit the issue over the weekend.

The vulnerability, tracked as CVE-2021-43798, impacts the company's main product, the Grafana dashboard, used by companies across the globe to monitor and aggregate logs and other parameters from across their local or remote networks.

Described as a path traversal attack, the vulnerability can allow an attacker to read files outside the Grafana application's folder.

For example, an attacker can abuse Grafana plugin URLs to escape the Grafana app folder and gain access to files stored on the underlying server, such as files storing passwords and configuration settings—details that the attacker could weaponize in subsequent attacks.

All Grafana self-hosted servers running 8.x versions of the software are considered vulnerable.

The issue was patched today with the release of Grafana 8.3.1, 8.2.7, 8.1.8, and 8.0.7. In its patch notes, Grafana Labs said that its cloud-hosted Grafana dashboards were not impacted by this vulnerability, which benefited from additional security protections.

Earlier today, The Record learned of such code being shared on Twitter and GitHub. We reached out to the company, which released a security update a few hours later.

Grafana did say in its statement that it was aware of the issue since last week, when it initially received a bug report, but was eventually forced into releasing an emergency patch earlier today after proof-of-concept code to exploit the bug was published online.

Several security researchers also claimed online today that the issue was being actively exploited in real-world attacks, but it was unclear if the exploitation was being done by bug bounty hunters or by malicious entities.

The Record could not confirm the nature of these exploitation attempts with independent third parties. There are currently between 3,000 and 5,000 Grafana servers exposed online, almost all exclusively used to monitor large corporate networks.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.