# Grafana

* The file **`/etc/grafana/grafana.ini`** can contain sensitive information such as **admin** **username** and **password.**
* By default it uses **SQLite3** database in **`/var/lib/grafana/grafana.db`**
  * `select user,password,database from data_source;`

### CVE-2021-43798

Affected version(s): 8.3.0

{% embed url="<https://www.exploit-db.com/exploits/50581>" %}

### **CVE-2021-43798**

Affected version(s): 8.3.1, 8.2.7, 8.1.8, 8.0.7

{% embed url="<https://github.com/jas502n/Grafana-CVE-2021-43798>" %}