CVE-2021-43798 is a vulnerability marked as High priority (CVSS 7.5) leading to arbitrary file read via installed plugins in Grafana application.</br>
This vulnerability works on versions 8.0.0-beta1, 8.0.0 to 8.3.0.</br>
Tested only on 8.2.0. Exploit works by creating a [list of vulnerable](https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p) plugins and sending HTTP requests checking if it's installed.
While checking, it will try to get the file provided in _file_read_ option.</br>
`python3 cve-2021-43798.py -t 127.0.0.1 -p 3000 -f /etc/passwd`