Note:
This project will be discontinued after December 13, 2021. [more]
2018-12-13
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
Products | Grafana, Active_iq_performance_analytics_services, Storagegrid_webscale_nas_bridge, Ceph_storage, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation |
Type | Information Exposure (CWE-200) |
First patch | - None (likely due to unavailable code) |
Links |
• https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/
• https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961 • http://www.securityfocus.com/bid/105994 • https://access.redhat.com/errata/RHSA-2019:0747 • https://security.netapp.com/advisory/ntap-20190416-0004/ |