Grafana is an open-source platform for monitoring and observability. Versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to a directory traversal attack, allowing unauthorized access to local files. This vulnerability does not affect Grafana Cloud. The vulnerability exists in the handling of the URL path <grafana_host_url>/public/plugins/<plugin_id>/. By manipulating the <plugin_id> parameter, an attacker can traverse directories and access files outside the intended directory.
An attacker could exploit this vulnerability to access sensitive files on the host system, potentially leading to further compromise of the Grafana instance or the host system itself.
Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are affected by this vulnerability.
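As an added example (not Grafana's own code), the defensive check that closes this bug class: a resolver for requests of the form /public/plugins/<plugin_id>/<asset> that percent-decodes and normalises the path and refuses anything that lands outside the plugin's own directory. The pluginsRoot directory, the plugin id "example-panel" and the asset names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"strings"
)

// ErrTraversal is returned when a request would resolve outside the plugin directory.
var ErrTraversal = errors.New("path escapes plugin directory")

// ResolvePluginAsset maps /public/plugins/<plugin_id>/<asset> to a file path under
// pluginsRoot/<plugin_id>/ and refuses anything outside it (assumed layout, not Grafana's code).
func ResolvePluginAsset(pluginsRoot, requestPath string) (string, error) {
	// Decode percent-encoding first, so encoded dots or slashes cannot hide a ".." segment.
	decoded, err := url.PathUnescape(requestPath)
	if err != nil {
		return "", fmt.Errorf("bad percent-encoding: %w", err)
	}
	const prefix = "/public/plugins/"
	if !strings.HasPrefix(decoded, prefix) {
		return "", errors.New("not a plugin asset path")
	}
	parts := strings.SplitN(strings.TrimPrefix(decoded, prefix), "/", 2)
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return "", errors.New("missing plugin id or asset name")
	}
	pluginID, asset := parts[0], parts[1]
	// The plugin id must be a single plain directory name.
	if pluginID == "." || pluginID == ".." || strings.ContainsAny(pluginID, "\\\x00") {
		return "", ErrTraversal
	}
	// path.Join collapses "." and ".."; the containment check below enforces the boundary.
	base := path.Join(pluginsRoot, pluginID)
	full := path.Join(base, asset)
	if !strings.HasPrefix(full, base+"/") {
		return "", ErrTraversal
	}
	return full, nil
}

func main() {
	root := "/var/lib/grafana/plugins" // assumed plugin directory for this example
	for _, req := range []string{"/public/plugins/example-panel/module.js", "/public/plugins/example-panel/../../outside.txt"} {
		p, err := ResolvePluginAsset(root, req)
		fmt.Printf("%s -> %q err=%v\n", req, p, err)
	}
}
```

On a real filesystem, also resolve symlinks (filepath.EvalSymlinks) before the containment check, since a link inside the plugin directory can point outside it even when the cleaned path does not.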
This exploit is intended for educational purposes only. Misuse of this exploit or any information related to it is not condoned and is the sole responsibility of the user.