Finding Grafana instances
A zero-day vulnerability for Grafana, a popular analytics and visualization software, was leaked this week. This vulnerability provides attackers a path traversal attack vector that can result in data disclosure, resulting in access to files containing confidential information or credentials. Tracked as CVE-2021-43798 with a “high” CVSS score of 7.5, this path traversal vulnerability resides in the installed plugins path logic for a Grafana instance (e.g., <grafana_host_url>/public/plugins/<plugin-id>
). Because Grafana installs with plugins by default, Grafana versions v8.0.0-beta1 through v8.3.0 are all vulnerable (Grafana Cloud is reportedly not vulnerable).
This vulnerability was originally disclosed to Grafana on December 3rd (prior to its leak as an 0-day). Grafana made patched versions available the day of the leak and advised anyone running a vulnerable version to update to a patched version as soon as possible. If upgrading isn’t an option, Grafana provides mitigation strategy as well.
As a part of good cybersecurity hygiene, you should shut down public access to Grafana servers (unless it is necessary).
How to find Grafana instances
From the Asset Inventory, use the following pre-built query to locate potentially vulnerable Grafana instances within your network:
product:grafana

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.

Similar Content
February 3, 2023
Finding Lexmark printer assets
Printer manufacturer Lexmark recently published details on a vulnerability that affects over 100 of their printer models. Learn how runZero can help you find potentially affected assets.
December 9, 2022
Finding Cisco 7800 and 8800 series IP phone assets on your network
Cisco 7800 and 8800 IP phones can be found in many companies and organizations. Successful exploitation of this vulnerability can provide an unauthenticated attacker in the same network segment or VLAN with remote code execution or denial-of-service capabilities.
December 5, 2022
Finding MegaRAC BMC assets on your network
MegaRAC can be found in many server manufacturers’ Baseboard Management Controllers (BMCs), including AMD, Ampere Computing, ASRock, Asus, ARM, Dell EMC, Gigabyte, HPE, Huawei, Inspur, Lenovo, Nvidia, Qualcomm, Quanta, and Tyan. Successful exploitation of these …