What is CVE-2021-43813?

CVE-2021-43813 is a medium-severity vulnerability in Grafana, classified under Path Traversal. CVSS score: 4.3/10. Published 2021-12-10.

How severe is CVE-2021-43813?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Path Traversal in Grafana

CVE-2021-43813

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.580 (99.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Grafana — versions >= 5.0.0, < 7.5.12, >= 8.0.0, < 8.3.2

Weakness classification (CWE)

CWE-22 — Path Traversal

References

github.com/grafana/grafana/security/advisories/GHSA-c3q8-26ph-9g2q (x_refsource_CONFIRM)
github.com/github/securitylab-vulnerabilities/commit/689fc5d9fd665be4d5bba200a6… (x_refsource_MISC)
github.com/grafana/grafana/commit/fd48aee61e4328aae8d5303a9efd045fa0ca308d (x_refsource_MISC)
grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-sev… (x_refsource_MISC)
grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-12/ (x_refsource_MISC)
grafana.com/docs/grafana/latest/release-notes/release-notes-8-3-2/ (x_refsource_MISC)
[oss-security] 20211210 CVE-2021-43813 and CVE-2021-43815 - Grafana directory traversal for some .md and .csv files (mailing-list, x_refsource_MLIST)
security.netapp.com/advisory/ntap-20220107-0006/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-43813?: CVE-2021-43813 is a medium-severity vulnerability in Grafana, classified under Path Traversal. CVSS score: 4.3/10. Published 2021-12-10.
How severe is CVE-2021-43813?: Medium severity. CVSS v3 base score is 4.3 out of 10.