CVE-2018-19039: Infoleak
First published: Wed Nov 14 2018(Updated: )
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/grafana | <5.3.3 | 5.3.3 |
| redhat/grafana | <4.6.5 | 4.6.5 |
| Grafana Grafana | <4.6.5 | |
| Grafana Grafana | >=5.0.0<5.3.3 | |
| Redhat Ceph Storage | =3.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Netapp Active Iq Performance Analytics Services | ||
| Netapp Storagegrid Webscale Nas Bridge |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
- http://www.securityfocus.com/bid/105994
- https://access.redhat.com/errata/RHSA-2019:0747
- https://access.redhat.com/errata/RHSA-2019:0911
- https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961
- https://security.netapp.com/advisory/ntap-20190416-0004/
- https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/
Frequently Asked Questions
What is the vulnerability ID for this Grafana vulnerability?
The vulnerability ID for this Grafana vulnerability is CVE-2018-19039.
What is the severity level of CVE-2018-19039?
The severity level of CVE-2018-19039 is medium.
How can remote authenticated users exploit CVE-2018-19039?
Remote authenticated users can exploit CVE-2018-19039 by leveraging Editor or Admin permissions to read arbitrary files.
Which versions of Grafana are affected by CVE-2018-19039?
Grafana versions before 4.6.5 and 5.x before 5.3.3 are affected by CVE-2018-19039.
How can I fix CVE-2018-19039?
To fix CVE-2018-19039, update Grafana to version 4.6.5 or 5.3.3.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/description
- agent/weakness
- agent/severity
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-19039
- agent/software-canonical-lookup
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/grafana
- canonical/grafana grafana
- version/grafana grafana/5.0.0
- vendor/redhat
- canonical/redhat ceph storage
- version/redhat ceph storage/3.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- vendor/netapp
- canonical/netapp active iq performance analytics services
- canonical/netapp storagegrid webscale nas bridge