ALT-PU-2020-2045-1
Closed vulnerabilities
Published: 2020-04-29
Modified: 2024-11-21
CVE-2020-12458
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- https://access.redhat.com/security/cve/CVE-2020-12458
- https://bugzilla.redhat.com/show_bug.cgi?id=1827765
- https://github.com/grafana/grafana/issues/8283
- FEDORA-2020-d109a1d1d9
- FEDORA-2020-c6b0c7ebbb
- https://security.netapp.com/advisory/ntap-20200518-0001/
Published: 2020-05-24
Modified: 2024-11-21
CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
Severity: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
- https://github.com/grafana/grafana/pull/24539
- https://github.com/grafana/grafana/releases/tag/v7.0.0
- https://security.netapp.com/advisory/ntap-20200528-0003/