PT-2020-13124 · Grafana+4

Published: 2020-03-03 · Updated: 2024-07-02 · CVE-2020-12459

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Grafana versions 6.0.0 through 6.3.6
Grafana versions prior to 7.2.1

Description

The configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml are world-readable and contain a secret key and a bind password.

Recommendations

For Grafana versions 6.0.0 through 6.3.6, update to version 7.2.1 or later to resolve the issue.
For Grafana versions prior to 7.2.1, update to version 7.2.1 or later to resolve the issue.
As a temporary workaround, consider changing the permissions of the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml to restrict read access.
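
The temporary workaround above, as an added shell example that is not part of the advisory: it reports whether the two configuration files are readable by "other" and, in fix mode, removes that access. The function names and the choice of `chmod o-rwx` are assumptions; the advisory only says to restrict read access.

```shell
#!/bin/sh
# Audit (and optionally restrict) read access on the Grafana configuration
# files named in the advisory. File paths come from the advisory; the
# function names and the o-rwx target are assumptions made for this example.

GRAFANA_SECRET_FILES="/etc/grafana/grafana.ini /etc/grafana/ldap.toml"

# Succeeds (exit 0) if the "other" read bit is set on the given file.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Removes every permission bit for "other"; owner and group bits are kept,
# so the service account can still read its configuration.
restrict_file() {
    chmod o-rwx "$1"
}

# audit_files MODE FILE...
#   MODE "check": report only.
#   MODE "fix":   report and restrict world-readable files.
# Returns the number of files that are still world-readable afterwards.
audit_files() {
    mode=$1
    shift
    exposed=0
    for f in "$@"; do
        [ -e "$f" ] || { echo "skip (missing): $f"; continue; }
        if is_world_readable "$f"; then
            if [ "$mode" = fix ]; then
                restrict_file "$f" && echo "restricted: $f" && continue
            fi
            echo "WORLD-READABLE: $f"
            exposed=$((exposed + 1))
        else
            echo "ok: $f"
        fi
    done
    return "$exposed"
}

# Typical use on a Grafana host (run as root for fix mode):
#   audit_files check $GRAFANA_SECRET_FILES
#   audit_files fix   $GRAFANA_SECRET_FILES
```

Restricting the mode does not undo earlier exposure: on a host where the files were world-readable, rotate the secret key and the LDAP bind password as well.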

Fix

Information Disclosure

Incorrect Permission

Weakness Enumeration

Related Identifiers

ALSA-2020:4682
ALT-PU-2020-1420
ALT-PU-2020-2204
BIT-GRAFANA-2020-12459
CESA-2020_4682
CVE-2020-12459
GHSA-M25M-5778-FM22
GO-2024-2519
RHSA-2020:2362
RHSA-2020:4682
RHSA-2020_4682

Affected Products

Alt Linux
Almalinux
Centos
Grafana
Red Hat