# CVE-2021-43798

CVE-2021-43798 is a vulnerability marked as High priority (CVSS 7.5) leading to arbitrary file read via installed plugins in Grafana application.</br>
This vulnerability works on versions 8.0.0-beta1, 8.0.0 to 8.3.0.</br>
Tested only on 8.2.0. Exploit works by creating a [list of vulnerable]( plugins and sending HTTP requests checking if it's installed. 
While checking, it will try to get the file provided in _file_read_ option.</br>

Usage example:
`python3 -t -p 3000 -f /etc/passwd`