An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
CPE | Name | Operator | Version |
---|---|---|---|
fedora | eq | 31 | |
fedora | eq | 32 | |
grafana | le | 6.7.3 | |
ceph_storage | eq | 3.0 | |
ceph_storage | eq | 4.0 | |
enterprise_linux | eq | 8.0 |
access.redhat.com/security/cve/CVE-2020-12458
bugzilla.redhat.com/show_bug.cgi?id=1827765
github.com/grafana/grafana/issues/8283
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A/
security.netapp.com/advisory/ntap-20200518-0001/