Security News > 2021 > December > Grafana fixes zero-day vulnerability after exploits spread over Twitter
Open-source analytics and interactive visualization solution Grafana received an emergency update today to fix a high-severity, zero-day vulnerability that enabled remote access to local files.
Earlier today, Grafana 8.3.1, 8.2.7, 8.1.8, and 8.0.7 were released to fix a path traversal vulnerability that could allow an attacker to navigate outside the Grafana folder and remotely access restricted locations on the server, such as /etc/password/.
Grafana Labs published a blog post today explaining that problem was with the URL for installed plug-ins, which was vulnerable to path traversal attacks.
Grafana Labs received a report about the vulnerability at the end of last week, on December 3, and came up with a fix on the same day.
Grafana Cloud instances have not been impacted, the developer said today.
According to public reports, there are thousands of Grafana servers exposed on the public internet.
News URL
Related news
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Nominet probes network intrusion linked to Ivanti zero-day exploit (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)