CVE-2021-43798 is a High-severity vulnerability (CVSS 7.5) that allows arbitrary file read via installed plugins in Grafana.
It affects versions 8.0.0-beta1 and 8.0.0 to 8.3.0.
Tested only on 8.2.0. The exploit works by creating a list of vulnerable plugins and sending HTTP requests to check whether each one is installed.
While checking, it tries to read the file provided in the file_read option.
Usage example:
python3 cve-2021-43798.py -t 127.0.0.1 -p 3000 -f /etc/passwd
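
Detection side, as an added example that is not part of this script or of Grafana: Grafana's public advisory describes the flaw as a path traversal under the `/public/plugins/<plugin-id>/` asset route, so the check below flags logged requests whose path climbs out of the plugin directory and marks the ones answered with 200. The access-log format, the sample lines and the `example-plugin` id are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Plugin asset route named in Grafana's public advisory for this CVE (not on this page).
PLUGIN_ASSET = re.compile(r"^/public/plugins/([^/]+)/(.*)$")
# Assumed log shape: reverse-proxy access log in common log format.
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines; "example-plugin" is a placeholder plugin id.
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Dec/2021:10:00:01 +0000] "GET /public/plugins/example-plugin/module.js HTTP/1.1" 200 5120',
    '10.0.0.9 - - [07/Dec/2021:10:00:07 +0000] "GET /public/plugins/example-plugin/../../../../etc/passwd HTTP/1.1" 200 1432',
    '10.0.0.9 - - [07/Dec/2021:10:00:08 +0000] "GET /public/plugins/example-plugin/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 19',
    '10.0.0.5 - - [07/Dec/2021:10:00:09 +0000] "GET /public/plugins/example-plugin/img/../module.js HTTP/1.1" 200 5120',
]

def normalise(path, rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def escapes_plugin_dir(request_path):
    """Return the plugin id if the path climbs above the plugin directory, else None."""
    match = PLUGIN_ASSET.match(normalise(request_path.split("?", 1)[0]))
    if not match:
        return None
    plugin_id, rest = match.groups()
    depth = 0
    for segment in rest.split("/"):
        if segment in ("", "."):
            continue
        depth += -1 if segment == ".." else 1
        if depth < 0:  # stepped above /public/plugins/<plugin-id>/
            return plugin_id
    return None

def scan(lines):
    """Return one record per suspicious request; served=True means the server answered 200."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        plugin = escapes_plugin_dir(match.group(1)) if match else None
        if plugin:
            status = int(match.group(2))
            hits.append({"plugin": plugin, "path": match.group(1), "status": status, "served": status == 200})
    return hits
```

Hits with `served` set to True are the ones to triage first, since the server returned content for a path outside the plugin directory.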