An information-disclosure flaw was found in Grafana up to and including 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
grafana grafana |
||
redhat ceph storage 3.0 |
||
redhat enterprise linux 8.0 |
||
redhat ceph storage 4.0 |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |