#VU15923 Information disclosure in Grafana - CVE-2018-19039

 


Published: November 15, 2018 / Updated: November 16, 2018


Vulnerability identifier: #VU15923
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-19039
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Grafana
Software vendor: Grafana Labs

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability is a file exfiltration issue: a local attacker with Editor or Admin permissions can read any file on the filesystem that the Grafana process can read.


Remediation

The vulnerability has been fixed in versions 4.6.5 and 5.3.3.
