CVE-2021-43798CISA KEV: Actively Exploited

Grafana Path Traversal Vulnerability

Published Oct 9, 2025·Updated Oct 9, 2025

Description

Grafana contains a path traversal vulnerability that could allow access to local files.

Public Exploits & PoCs49 found

PoC: Grafana-CVE-2021-43798

Grafana Unauthorized arbitrary file reading vulnerability

273

PoC: grafanaExp

A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key / decrypt data_source info automatic.

192

PoC: CVE-2021-43798

CVE-2021-43798:Grafana 任意文件读取漏洞

28

PoC: CVE-2021-43798

Grafana Arbitrary File Reading Vulnerability

26

PoC: CVE-2021-43798-Grafana-POC

CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数

12

PoC: CVE-2021-43798-grafana_fileread

grafana CVE-2021-43798任意文件读取漏洞POC,采用多插件轮训检测的方法,允许指定单URL和从文件中读取URL

11

PoC: CVE-2021-43798

CVE-2021-43798 - Grafana 8.x Path Traversal (Pre-Auth)

9

PoC: exploit-grafana-CVE-2021-43798

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

7

PoC: CVE-2021-43798-Grafana-Exp

Grafanav8.*版本任意文件读取漏洞批量检测工具:该漏洞目前为0day漏洞,未授权的攻击者利用该漏洞,能够获取服务器敏感文件。

7

PoC: Grafana_POC-CVE-2021-43798

Grafana-POC任意文件读取漏洞(CVE-2021-43798)

5

PoC: CVE-2021-43798

Simple program for exploit grafana

5

PoC: grafanaExp

利用grafan CVE-2021-43798任意文件读漏洞,自动探测是否有漏洞、存在的plugin、提取密钥、解密server端db文件,并输出data_sourrce信息。

5

PoC: CVE-2021-43798

Grafana8.x 任意文件读取

4

PoC: Grafana-CVE-2021-43798

Grafana任意文件读取

3

PoC: Grafana-CVE-2021-43798Exp

CVE-2021-43798Exp多线程批量验证脚本

2

PoC: CVE-2021-43798

Arbitrary file read in Grafana allows an attacker to read server files by abusing a path traversal.

1

PoC: CVE-2021-43798

Directory Traversal and Arbitrary File Read on Grafana

1

PoC: CVE-2021-43798

运用golang写的grafana批量验证脚本,内置48个验证

1

PoC: CVE-2021-43798-Grafana

CVE-2021-43798 Grafana任意文件读取

1

PoC: CVE-2021-43798

CVE-2021-43798 is a vulnerability marked as High priority (CVSS 7.5) leading to arbitrary file read via installed plugins in Grafana application.

1

PoC: GrafTraverse-CVE-2021-43798

CVE-2021-43798 MiNi Exploitation Framework

PoC: -Grafana-LFI-CVE-2021-43798

📂 Grafana LFI Exploit (CVE-2021-43798). Extracción automatizada de credenciales y configuración. 🕵️

PoC: CVE-2021-43798

By PrivacyHunter

PoC: CVE-2021-43798-PoC

Simple and effective PoC for CVE-2021-43798 Grafana Path Traversal

PoC: cve-2021-43798-enum

CVE-2021-4379 Enumeration Tools

PoC: Grafana-Password-Decryptor

Python toolkit for decrypting AES-256 and cracking PBKDF2 passwords from Grafana databases usually paired with (CVE-2021-43798)

PoC: CVE-2021-43798

CVE-2021-43798 is a high-severity path traversal vulnerability (CVSS 3.1 score: 7.5) affecting Grafana versions 8.0.0-beta1 through 8.3.0. It allows unauthenticated attackers to read arbitrary files from the server by exploiting improper sanitization in the /public/plugins/:pluginId endpoint

PoC: CVE-2021-43798-Grafana-path-traversal-tester

Automated path traversal testing tool for Grafana plugin endpoints using curl and Bash.

PoC: Grafana-LFI-exploit

Updated exploit script for the CVE-2021-43798

PoC: CVE-2021-43798-Exploit-for-Windows-and-Linux

Modified exploit for CVE-2021-43798 compatible with both Windows and Linux hosts.

PoC: Grafana-8.3-Directory-Traversal

CVE-2021-43798 working exploit

PoC: GrafXploit

Automated Exploit Tool for Grafana CVE-2021-43798: Scanning common files that contain juicy informations and extracting SSH keys from compromised users.

PoC: Grafana-CVE-2021-43798

Python implementation of a tool for decrypting and encrypting sensitive data in Grafana, specifically addressing the vulnerabilities associated with CVE-2021-43798. Grafana encrypts all data source passwords using the AES algorithm with the secret_key found in the defaults.ini configuration file.

PoC: Grafxploit

Automated Exploit Tool for Grafana CVE-2021-43798: Scanning common files that contain juicy informations and extracting SSH keys from compromised users.

PoC: Grafana-Decryptor-for-CVE-2021-43798

Grafana Decryptor for CVE-2021-43798

PoC: CVE-2021-43798

Exploit for CVE-2021-43798

PoC: CVE-2021-43798-EXPLOIT

A PoC exploit for CVE-2021-43798 - Grafana Directory Traversal

PoC: CVE-2021-43798

POC for CVE-2021-43798 written in python

PoC: GrafanaDirectoryScanner

Exploit for grafana CVE-2021-43798

PoC: LabAutomationCVE-2021-43798

This script implements a lab automation where I exploit CVE-2021-43798 to steal user secrets and then gain privileges on a Linux system.

PoC: SunScope

Inspired by Ambassador on HackTheBox to exploit the now patched CVE-2021-43798

PoC: cve-2021-43798

cve-2021-43798 Grafana 8.3.0 - Directory Traversal and Arbitrary File Read

PoC: CVE-2021-43798

Grafana - Directory Traversal and Arbitrary File Read

PoC: grafana-cve-2021-43798

This repository contains files for reproducing the vulnerability.

PoC: GrafanaDirInclusion

Script to demonstrate the Grafana directory traversal exploit (CVE-2021-43798).

PoC: CVE-2021-43798-poc

Grafana8.x 任意文件读取

PoC: Grafana_fileread

CVE-2021-43798 Grafana未授权访问读取文件

PoC: CVE-2021-43798-Grafana-File-Read

CVE-2021-43798-Grafana任意文件读取漏洞

PoC: Grafana-CVE-2021-43798

Grafana File-Read Vuln

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free