Lucene search
Veracode Vulnerability DatabaseVERACODE:7823HistoryNov 16, 2018 - 6:51 a.m.
Information Disclosure
2018-11-1606:51:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.029 Low
EPSS
Percentile
90.9%
github.com/grafana/grafana is vulnerable to information disclosure. The library does not restrict Editor or Admin users from entering local filesystem URLs, allowing a malicious user to gain read access to sensitive files on the server.
References
lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
www.securityfocus.com/bid/105994
access.redhat.com/errata/RHSA-2019:0747
access.redhat.com/errata/RHSA-2019:0911
bugzilla.redhat.com/show_bug.cgi?id=1649697
community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961
security.netapp.com/advisory/ntap-20190416-0004/
www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/
Related
checkpoint_advisories
checkpoint_advisories
Grafana Labs Arbitrary File Read (CVE-2018-19039)
2019-11-25 00:00:00
ubuntucve
ubuntucve
CVE-2018-19039
2018-12-13 00:00:00
redhat
redhat
cve
cve
CVE-2018-19039
2018-12-13 19:29:00
redhatcve
redhatcve
CVE-2018-19039
2020-04-09 07:07:39
openvas
openvas
Grafana 4.1.0 < 4.6.5, 5.0 < 5.3.3 Information Disclosure Vulnerability
2019-07-01 00:00:00
prion
prion
Code injection
2018-12-13 19:29:00
osv
osv
CVE-2018-19039
2018-12-13 19:29:00
cvelist
cvelist
CVE-2018-19039
2018-12-13 19:00:00
nvd
nvd
CVE-2018-19039
2018-12-13 19:29:00
nessus
nessus
RHEL 7 : Red Hat Ceph Storage 3.2 (RHSA-2019:0911)
2019-05-13 00:00:00
RHEL 7 : Red Hat Ceph Storage 2.5 (RHSA-2019:0747)
2019-04-12 00:00:00
archlinux
archlinux
[ASA-201811-15] grafana: arbitrary filesystem access
2018-11-15 00:00:00
suse
suse
Security update for grafana (moderate)
2020-10-04 00:00:00