Vulnerability in Grafana allowing access to files on the system

A vulnerability (CVE-2021-43798) has been identified in the Grafana data visualization platform that allows escaping the base directory and reading arbitrary files in the server's local file system, within the limits of the access rights of the user account under which Grafana runs. The problem is caused by incorrect handling in the "/public/plugins/" path handler, which allowed the ".." sequence to be used to reach parent directories.

The vulnerability can be exploited through the URLs of pre-installed plugins, such as "/public/plugins/graph/", "/public/plugins/mysql/" and "/public/plugins/prometheus/" (about 40 plugins are pre-installed in total). For example, to access the /etc/passwd file, a request of the form "/public/plugins/prometheus/../../../../../../. /passwd" can be sent. To detect signs of exploitation, it is recommended to search the HTTP server logs for the mask "..%2f".
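The detection advice above amounts to a search over the access logs. Here is an added example (not from the article or the Grafana project) that implements it in Python: it parses common-format log lines, percent-decodes each request path until it is stable, and flags requests to the plugin handlers named in the article that carry a ".." segment. The log lines, client addresses and timestamps are constructed for the demonstration.

```python
import re
from urllib.parse import unquote

# URL-path handlers the advisory names as traversal sinks.
WATCHED_PREFIXES = ("/public/plugins/", "/api/plugins/")

# Common/combined access-log line: client, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (hypothetical hosts and timestamps); the second
# line reproduces the "..%2f" mask the advisory recommends searching for.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Dec/2021:10:01:22 +0000] "GET /public/plugins/graph/module.js HTTP/1.1" 200 5120
10.0.0.9 - - [07/Dec/2021:10:02:01 +0000] "GET /public/plugins/prometheus/..%2f..%2f..%2fetc/passwd HTTP/1.1" 200 1823
10.0.0.9 - - [07/Dec/2021:10:02:05 +0000] "GET /public/plugins/mysql/../../../../etc/passwd HTTP/1.1" 404 29
10.0.0.7 - - [07/Dec/2021:10:03:10 +0000] "GET /api/plugins/graph/markdown/README HTTP/1.1" 200 300
10.0.0.7 - - [07/Dec/2021:10:03:12 +0000] "GET /api/plugins/graph/markdown/../../../README.md HTTP/1.1" 200 300
"""


def fully_decode(path: str) -> str:
    """Percent-decode until the value is stable so an encoded '..' is not missed."""
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(path: str) -> bool:
    """A request is suspicious if it targets a watched handler and, once
    decoded, its path contains a '..' segment anywhere."""
    if not path.startswith(WATCHED_PREFIXES):
        return False
    segments = fully_decode(path.split("?", 1)[0]).split("/")
    return ".." in segments


def scan_log(text: str) -> list[tuple[str, str, str]]:
    """Return (client, path, status) for every traversal attempt. A 200 status
    means the server most likely served the file and the host needs review."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal(m["path"]):
            hits.append((m["ip"], m["path"], m["status"]))
    return hits
```

Running `scan_log(SAMPLE_LOG)` reports the three traversal requests and leaves the two legitimate plugin requests alone.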


The problem has been present since version 8.0.0-beta1 and was fixed in Grafana releases 8.3.1, 8.2.7, 8.1.8 and 8.0.7. Several further vulnerabilities of the same kind were then identified (CVE-2021-43813, CVE-2021-43815), present since Grafana 5.0.0 and Grafana 8.0.0-beta3 respectively, which allowed an authenticated Grafana user to read arbitrary files on the system with the ".md" and ".csv" extensions (only where the file name is entirely lowercase or entirely uppercase) by manipulating the ".." sequence in the "/api/plugins/.*/markdown/.*" and "/api/ds/query" paths. To eliminate these vulnerabilities, the Grafana 8.3.2 and 7.5.12 updates were released.

source: budenet.ru
