CVE-2019-19499 (NVD)

2020-08-28

Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.

Products Grafana
Type Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
First patch - None (likely due to unavailable code)
Links https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read/
https://security.netapp.com/advisory/ntap-20200918-0003/