First published: Thu Apr 23 2020
An information-disclosure flaw was found in Grafana distributed by Red Hat. This flaw allows a local attacker to access potentially sensitive information, such as secret_key and bind_password, from the world-readable files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jaeger | <0:v1.13.1.redhat7-1.el7 | 0:v1.13.1.redhat7-1.el7 |
redhat/kiali | <0:v1.0.11.redhat1-1.el7 | 0:v1.0.11.redhat1-1.el7 |
redhat/servicemesh-grafana | <0:6.2.2-36.el8 | 0:6.2.2-36.el8 |
redhat/grafana | <0:6.7.4-3.el8 | 0:6.7.4-3.el8 |
Grafana Grafana | >=6.0.0<=6.3.6 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
redhat/grafana 6.7.3 | <1 | 1 |
go/github.com/grafana/grafana | >=6.0<7.2.1 | 7.2.1 |
Manually change the file permissions to remove the read bits for others: # chmod 640 /etc/grafana/grafana.ini /etc/grafana/ldap.toml
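To verify the workaround above across hosts, the following added example (not part of the advisory or of Grafana's packaging) reports which of the two files still have the others-read bit set and, with --fix, applies the chmod 640 from the advisory. The function names world_readable and audit_grafana_conf are hypothetical; the default paths are the two named in the advisory.

```sh
#!/bin/sh
# Added example: audit Grafana config files for the others-read permission bit.
# Default targets are the two files named in the advisory.
GRAFANA_CONF_FILES="/etc/grafana/grafana.ini /etc/grafana/ldap.toml"

# Print each given path whose mode has the others-read bit (004) set.
# Paths that do not exist are skipped; -H makes find follow a symlinked path.
world_readable() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        find -H "$f" -prune -perm -004 -print
    done
}

# audit_grafana_conf [--fix] [file...]
# Without arguments it checks GRAFANA_CONF_FILES.
# Returns 0 when no checked file is left world-readable, 1 otherwise.
audit_grafana_conf() {
    fix=0
    if [ "${1:-}" = "--fix" ]; then
        fix=1
        shift
    fi
    # Intentional word splitting: the default list is space-separated.
    [ "$#" -gt 0 ] || set -- $GRAFANA_CONF_FILES
    rc=0
    for f in "$@"; do
        [ -n "$(world_readable "$f")" ] || continue
        if [ "$fix" -eq 1 ] && chmod 640 "$f"; then
            echo "fixed: $f (mode set to 640)"
        else
            echo "world-readable: $f"
            rc=1
        fi
    done
    return "$rc"
}

# Usage after sourcing this file:
#   audit_grafana_conf          # report only
#   audit_grafana_conf --fix    # apply chmod 640 (run as root)
```

After --fix, confirm the Grafana service account can still read both files through its owner or group permissions, since mode 640 removes access for every other account.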