## https://sploitus.com/exploit?id=BED2EE02-D42B-5597-84BA-D0915D7ECEC0
# CVE-2021-43798

CVE-2021-43798 is a vulnerability rated High (CVSS 7.5) that allows arbitrary file read via installed plugins in Grafana.<br>
It affects versions 8.0.0-beta1, 8.0.0 to 8.3.0.<br>
Tested only on 8.2.0. The exploit works by building a [list of vulnerable](https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p) plugins and sending HTTP requests to check whether each one is installed.
While checking, it tries to read the file given in the _file_read_ option.<br>

Usage example:
`python3 cve-2021-43798.py -t 127.0.0.1 -p 3000 -f /etc/passwd`

![Screen](img.PNG)
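
For triage on the defender's side, the affected range above can be turned into an inventory check. This is an added example, not part of the original exploit repository; the per-branch fixed releases (8.0.7, 8.1.8, 8.2.7, 8.3.1) are taken from the Grafana advisory linked above, and the host names and function names are constructed for illustration.

```python
import re

# Assumption (from Grafana's advisory GHSA-8pjx-jj86-j47p, linked above):
# first fixed patch release on each affected 8.x branch.
FIXED = {(8, 0): 7, (8, 1): 8, (8, 2): 7, (8, 3): 1}
FIRST_AFFECTED = ((8, 0, 0), (0, "beta1"))  # 8.0.0-beta1, as stated on the page

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?(?:\+.*)?$")


def parse(version):
    """Return a sortable key ((major, minor, patch), (is_release, prerelease))."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {version!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    pre = m.group(4)
    # A pre-release sorts before the release carrying the same number.
    return (major, minor, patch), ((0, pre) if pre else (1, ""))


def is_affected(version):
    key = parse(version)
    (major, minor, _patch), _ = key
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:      # branch outside 8.0 - 8.3
        return False
    if key < FIRST_AFFECTED:     # an 8.0.0 pre-release earlier than beta1
        return False
    return key < ((major, minor, fixed_patch), (1, ""))


def triage(inventory):
    """Map host -> 'affected' / 'ok' / 'unknown' for a {host: version} dict."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "ok"
        except ValueError:
            result[host] = "unknown"  # e.g. an image tag such as 'latest'
    return result


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    sample = {"graf-a": "8.2.0", "graf-b": "8.2.7", "graf-c": "7.5.11",
              "graf-d": "8.0.0-beta1", "graf-e": "8.3.1", "graf-f": "latest"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need their version resolved by hand before they can be ruled out.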