DETECTION OVERVIEW
Risk Factors
Grafana web applications are often exposed to the internet, and this vulnerability is publicly known. An unauthenticated attacker can read sensitive files from the Grafana host, such as configuration files, and use the information in them to launch additional attacks on the network.
Kill Chain
Risk Score
70
Description
Grafana is an open-source web application that enables users to monitor and query connected data sources. Affected versions of Grafana contain a path traversal vulnerability in the route that serves plug-in assets. An attacker sends an unauthenticated HTTP GET request to the Grafana host for the vulnerable path /public/plugins/<plug-in-ID>/../ followed by a relative file path. The plug-in ID must belong to an installed plug-in (the plug-ins bundled with Grafana qualify), but because the request path is joined to the plug-in directory without being normalized, the ../ segments escape that directory and the response contains the contents of any local file on the device that the Grafana process can read.
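The following added example, which is not code from this page or from the Grafana project, shows detection logic for the request pattern described above run over a few constructed web-server access-log lines, plus a helper that triages a reported Grafana version against the fix releases listed under the mitigation guidance on this page. It assumes the Apache/nginx "combined" log layout; the client addresses, timestamps and the plug-in ID alertlist in the sample lines are constructed (any installed plug-in ID satisfies the vulnerable route).

```python
"""Detection and triage helpers for Grafana plug-in path traversal requests.

Added example, not code from the Grafana project or from this page. The log
lines below are constructed; the "combined" access-log layout is assumed.
"""
import posixpath
import re
from urllib.parse import unquote, urlsplit

PLUGIN_PREFIX = "/public/plugins/"

# First fixed release per 8.x branch, from the mitigation guidance on this page.
FIXED_VERSIONS = {(8, 0): (8, 0, 7), (8, 1): (8, 1, 8), (8, 2): (8, 2, 7), (8, 3): (8, 3, 1)}

# Apache/nginx "combined" access-log layout (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_path(raw: str) -> str:
    """Percent-decode until stable so %2e%2e, %252e%252e and ..%2f all read as '../'."""
    path = raw
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def analyze_request(method: str, raw_target: str):
    """Return a finding dict for a plug-in path traversal attempt, or None."""
    path = decode_path(urlsplit(raw_target).path)  # drop any query string first
    if not path.startswith(PLUGIN_PREFIX):
        return None
    plugin_id, sep, tail = path[len(PLUGIN_PREFIX):].partition("/")
    if not sep or ".." not in tail.split("/"):
        return None
    # Resolve the requested file relative to the plug-in directory. A result that
    # still begins with ".." reaches outside that directory, i.e. an arbitrary
    # local file read rather than a harmless in-directory reference.
    target = posixpath.normpath(tail)
    return {
        "method": method,
        "plugin_id": plugin_id,
        "target": target,
        "escapes_plugin_dir": target == ".." or target.startswith("../"),
    }


def scan_log(text: str):
    """Run analyze_request over access-log lines, keeping the HTTP status so a
    responder can separate served files (200) from blocked attempts."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = analyze_request(m["method"], m["path"])
        if finding:
            finding.update(ip=m["ip"], ts=m["ts"], status=int(m["status"]))
            findings.append(finding)
    return findings


def is_vulnerable_version(version: str):
    """True if below the fix release for its 8.x branch, False if at or after
    it, None if the fix list on this page does not cover that branch."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed:
        return (major, minor, patch) < fixed
    if (major, minor) > (8, 3):
        return False  # released after 8.3.1, so it carries the fix
    return None


# Constructed sample log lines: two traversal attempts (one percent-encoded),
# one legitimate plug-in asset request, one unrelated API request.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Dec/2021:10:15:02 +0000] "GET /public/plugins/alertlist/../../../../../../../../etc/passwd HTTP/1.1" 200 1744
203.0.113.5 - - [07/Dec/2021:10:15:03 +0000] "GET /public/plugins/alertlist/..%2f..%2f..%2f..%2fetc%2fgrafana%2fgrafana.ini HTTP/1.1" 200 31082
198.51.100.7 - - [07/Dec/2021:10:16:10 +0000] "GET /public/plugins/alertlist/module.js HTTP/1.1" 200 1212
198.51.100.7 - - [07/Dec/2021:10:16:11 +0000] "GET /api/dashboards/home HTTP/1.1" 200 530
"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    print("8.2.5 vulnerable:", is_vulnerable_version("8.2.5"))
```

Two practical caveats: detection has to run on the raw request path as the server logged it, because a proxy or client that normalizes ../ before forwarding hides the pattern (curl, for instance, collapses dot segments unless --path-as-is is given), and a 200 response to one of these requests means the file was served, so the incident response scope should include every file the Grafana process could read, not only the one named in the request.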
Mitigation Options
Upgrade Grafana to 8.0.7, 8.1.8, 8.2.7, or 8.3.1 (the first fixed release of each affected 8.x branch) or later
Block inbound requests for suspicious URIs, in particular paths under /public/plugins/ that contain traversal segments such as ../ or their percent-encoded forms, at the network perimeter or on a reverse proxy in front of Grafana, and restrict outbound traffic from the Grafana host so a compromised server cannot easily reach further into the network