Note:
This project will be discontinued after December 13, 2021. [more]
2020-04-29
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
| Products | Fedora, Grafana, Ceph_storage, Enterprise_linux |
| Type | Incorrect Permission Assignment for Critical Resource (CWE-732) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://github.com/grafana/grafana/issues/8283
• https://access.redhat.com/security/cve/CVE-2020-12458 • https://security.netapp.com/advisory/ntap-20200518-0001/ • https://bugzilla.redhat.com/show_bug.cgi?id=1827765 • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS/ |