An information-disclosure flaw was found in Grafana. The database directory /var/lib/grafana
and database file /var/lib/grafana/grafana.db
are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
CPE | Name | Operator | Version |
---|---|---|---|
github.com/grafana/grafana | lt | 7.2.1 |
access.redhat.com/security/cve/CVE-2020-12458
bugzilla.redhat.com/show_bug.cgi?id=1827765
github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00
github.com/grafana/grafana/issues/8283
lists.fedoraproject.org/archives/list/[email protected]/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS
lists.fedoraproject.org/archives/list/[email protected]/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A
nvd.nist.gov/vuln/detail/CVE-2020-12458
security.netapp.com/advisory/ntap-20200518-0001