ALT-PU-2020-1420-1
Closed vulnerabilities
Published: 2020-08-28
Modified: 2024-11-21
CVE-2019-19499
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2020-04-29
Modified: 2024-11-21
CVE-2020-12459
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- https://access.redhat.com/security/cve/CVE-2020-12459
- https://bugzilla.redhat.com/show_bug.cgi?id=1829724
- https://github.com/grafana/grafana/issues/8283
- FEDORA-2020-d109a1d1d9
- FEDORA-2020-c6b0c7ebbb
- https://security.netapp.com/advisory/ntap-20200518-0004/
- https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277