Note:
This project will be discontinued after December 13, 2021. [more]
2020-08-28
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
Products | Grafana |
Type | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) |
First patch | - None (likely due to unavailable code) |
Links |
• https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read/
• https://security.netapp.com/advisory/ntap-20200918-0003/ |