CVE-2020-12459

Published: 29/04/2020 Updated: 07/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

In certain Red Hat packages for Grafana 6.x up to and including 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.

Vulnerable Product

grafana grafana

fedoraproject fedora 31

fedoraproject fedora 32

Vendor Advisories

Synopsis: Moderate: grafana security, bug fix, and enhancement update
Type/Severity: Security Advisory: Moderate
Topic: An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Sy ...

Synopsis: Moderate: Red Hat OpenShift Service Mesh security update
Type/Severity: Security Advisory: Moderate
Topic: An update for jaeger, kiali, and servicemesh-grafana is now available for OpenShift Service Mesh 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Com ...