Grafana

• The file /etc/grafana/grafana.ini can contain sensitive information such as admin username and password.

• By default it uses SQLite3 database in /var/lib/grafana/grafana.db

  • select user,password,database from data_source;

CVE-2021-43798

Affected version(s): 8.3.0

Grafana 8.3.0 - Directory Traversal and Arbitrary File ReadExploit Database

CVE-2021-43798

Affected version(s): 8.3.1, 8.2.7, 8.1.8, 8.0.7

GitHub - jas502n/Grafana-CVE-2021-43798: Grafana Unauthorized arbitrary file reading vulnerabilityGitHub