vulnerability

Red Hat: CVE-2020-12459: CVE-2020-12459 grafana: information disclosure through world-readable grafana configuration files (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:N/C:P/I:N/A:N)	2020-04-29	2020-11-05	2023-12-15

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

2020-04-29

Added

2020-11-05

Modified

2023-12-15

Description

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.

Solution(s)

redhat-upgrade-grafanaredhat-upgrade-grafana-azure-monitorredhat-upgrade-grafana-cloudwatchredhat-upgrade-grafana-debuginforedhat-upgrade-grafana-elasticsearchredhat-upgrade-grafana-graphiteredhat-upgrade-grafana-influxdbredhat-upgrade-grafana-lokiredhat-upgrade-grafana-mssqlredhat-upgrade-grafana-mysqlredhat-upgrade-grafana-opentsdbredhat-upgrade-grafana-postgresredhat-upgrade-grafana-prometheusredhat-upgrade-grafana-stackdriver

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today