
CVE-2021-43815: Grafana directory traversal for .csv files

CVSS Score
4.3 (CVSS 3.1)

Basic Information

EPSS Score
0.65262%
Published
5/14/2024
Updated
5/14/2024
KEV Status
No
Technology
Go

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Package Name
github.com/grafana/grafana
Ecosystem
go
Vulnerable Versions
>= 8.0.0-beta3, <= 8.3.1
First Patched Version
8.3.2

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability is in the TestData DB data source's CSV handling. The loadCsvFile function in csv_data.go was exploitable for two reasons: 1) the file-name regex was not anchored, so a crafted name still passed validation as long as it contained a <word>.csv substring, whatever came before it; 2) the user-controlled fileName was joined onto the base directory without any check that the resulting path stayed inside it. The patch anchors the regex to ^\w+\.csv$ and applies filepath.Clean to the joined path, which confirms this root cause. The function is reached through CSV requests to /api/ds/query, matching the vulnerability description.
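To make the two flaws concrete, the following is an added Go example, not Grafana's code, that places a check in the unanchored pre-fix style next to the anchored pattern named in the fix above. The patched regex is the one quoted on this page; the pre-fix regex is reconstructed from the description and is an assumption, as are the base directory, the resolveVulnerable/resolvePatched/escapesBase names and the constructed sample file names. The third sample input goes one step beyond the advisory wording: it shows that an unanchored pattern of this shape accepts any name that contains a .csv substring, regardless of where the path finally lands.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Illustrative only: not Grafana's code. patchedPattern is the regex named in
// the fix; vulnerablePattern is an assumed reconstruction of the pre-fix style
// of check. Base directory, function names and sample inputs are assumptions.

// vulnerablePattern is unanchored: it matches any string that merely contains
// "<word>.csv" somewhere, and the unescaped "." matches any character, so a
// name such as "../../../../etc/secrets.csv" passes.
var vulnerablePattern = regexp.MustCompile(`([\w_]+)(.csv)`)

// patchedPattern is anchored: the entire name must be word characters followed
// by a literal ".csv", so no path separators or ".." segments survive.
var patchedPattern = regexp.MustCompile(`^\w+\.csv$`)

// baseDir is an assumed directory under which the CSV fixtures live.
var baseDir = filepath.Clean("/var/lib/grafana/public/testdata")

// escapesBase reports whether an already-cleaned path lies outside baseDir.
func escapesBase(p string) bool {
	return p != baseDir && !strings.HasPrefix(p, baseDir+string(filepath.Separator))
}

// resolveVulnerable reproduces the flawed flow: unanchored regex, then the
// user-controlled name is joined onto the base directory. filepath.Join does
// normalise "..", but normalisation does not confine the result to baseDir.
func resolveVulnerable(fileName string) (string, error) {
	if !vulnerablePattern.MatchString(fileName) {
		return "", fmt.Errorf("invalid csv file name: %q", fileName)
	}
	return filepath.Join(baseDir, fileName), nil
}

// resolvePatched is the hardened flow: anchored regex, Clean on the joined
// path, plus an explicit containment check so the result can never leave
// baseDir even if the regex is loosened again later.
func resolvePatched(fileName string) (string, error) {
	if !patchedPattern.MatchString(fileName) {
		return "", fmt.Errorf("invalid csv file name: %q", fileName)
	}
	p := filepath.Clean(filepath.Join(baseDir, fileName))
	if escapesBase(p) {
		return "", errors.New("resolved path escapes base directory")
	}
	return p, nil
}

func main() {
	// Constructed sample inputs: one legitimate name, two traversal attempts
	// that the unanchored regex accepts, and one name neither check accepts.
	inputs := []string{
		"population.csv",
		"../../../../etc/secrets.csv",
		"legit.csv/../../../../../etc/passwd",
		"nothing-here.txt",
	}
	for _, in := range inputs {
		fmt.Printf("%q\n", in)
		if p, err := resolveVulnerable(in); err != nil {
			fmt.Println("  vulnerable: rejected:", err)
		} else {
			fmt.Printf("  vulnerable: opens %s (escapes base: %v)\n", p, escapesBase(p))
		}
		if p, err := resolvePatched(in); err != nil {
			fmt.Println("  patched:    rejected:", err)
		} else {
			fmt.Println("  patched:    opens", p)
		}
	}
}
```

Note that filepath.Join already normalises the ".." segments in both versions, which is why the traversal names resolve to tidy absolute paths outside the base directory rather than failing. Normalisation is not containment: the anchored regex is what actually closes the hole, and the explicit prefix check in resolvePatched is the extra guard a reviewer would ask for so that a future change to the regex cannot reopen it.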


WAF Protection Rules

WAF Rule

Today we are releasing Grafana `8.3.2` and `7.5.12`. This patch release includes a moderate severity security fix for directory traversal for arbitrary `.csv` files. It only affects instances that have the developer testing tool called [TestData DB d
