PT-2020-10171 · Grafana+4
Yuriy Dyachenko · Published 2020-03-03 · Updated 2024-03-28
CVE-2019-19499
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Grafana versions 6.4.3 and earlier
Description
The issue allows an authenticated attacker who has the permissions needed to access and modify data source configurations to read arbitrary files.
Recommendations
For Grafana versions 6.4.3 and earlier, update to a version later than 6.4.3 to resolve the issue.
At the moment, there is no information about other specific fixes for this vulnerability.
Exploit
Fix
Information Disclosure
Path traversal
SQL injection
Affected Products
Alt Linux
Almalinux
Centos
Grafana
Red Hat