# CVE-2021-43798

First I found the service that was running and the version.

![](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2FmkdcAKgAXAzQHsJMrTHn%2FFound%20the%20version%20of%20the%20service.PNG?alt=media\&token=e725e614-75f5-4be5-95a6-ecbfc830d422)

Then I had to google the CVE for this version

![](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2F5J4sU32U9jWRlqvdGhtD%2FGoogled%20the%20CVE%20on%20this%20version.PNG?alt=media\&token=87d0914a-ba85-41c6-ac5a-5ae5e71b08f4)

What the CVE does: a directory path traversal vulnerability was found in Grafana. The flaw allows an attacker to obtain read access to local files due to a lack of path normalization in the `/public/plugins/` URL.
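A defender-side check for the request shape described above, as an added example that is not part of the original write-up: it flags access-log requests under `/public/plugins/` whose decoded path contains a `..` segment. The log format, function names and sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

PLUGIN_PREFIX = "/public/plugins/"
# Assumed access-log shape: a quoted request line "METHOD target HTTP/x.y".
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both surface as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_plugin_traversal(target):
    """True when a /public/plugins/ request carries a '..' path segment."""
    path = fully_decode(urlsplit(target).path).replace("\\", "/")
    if not path.startswith(PLUGIN_PREFIX):
        return False
    # Compare whole segments so a file name like 'a..b.png' is not flagged.
    return ".." in path[len(PLUGIN_PREFIX):].split("/")

def suspicious_requests(log_lines):
    """Return the request targets in log_lines that match the traversal shape."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_plugin_traversal(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed sample access-log lines (not taken from the page).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2022:10:00:00 +0000] "GET /public/plugins/text/img/text.svg HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2022:10:00:03 +0000] "GET /public/plugins/text/../../../../some/file HTTP/1.1" 200 1024',
    '10.0.0.9 - - [01/Jan/2022:10:00:04 +0000] "GET /public/plugins/text/%2e%2e/%2e%2e/some/file HTTP/1.1" 200 1024',
    '10.0.0.9 - - [01/Jan/2022:10:00:05 +0000] "GET /public/plugins/text/%252e%252e/some/file HTTP/1.1" 404 0',
    '10.0.0.7 - - [01/Jan/2022:10:00:06 +0000] "GET /public/build/app..js HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for target in suspicious_requests(SAMPLE_LOG):
        print("possible CVE-2021-43798 probe:", target)
```

A 200 response on a flagged request is the case to triage first, since it suggests the file read succeeded.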

I ran the CVE to show the tokens stored on the kube pod

![](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2FojLWz0dYoij9UQcNnx72%2FRunning%20the%20CVE%20to%20see%20the%20tokens%20stored%20on%20the%20kubernetes%20pod.PNG?alt=media\&token=1452a369-03b9-4448-9c20-9d42e537f529)

I then put the token into jwt.io to see the necessary YAML information.

![](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2FcOqaeSuiym0BaeHT8gNw%2FDecoding%20the%20token.PNG?alt=media\&token=1c98c110-2a49-414f-baf4-e3b98097c4a0)
