CVE-2019-19499

Опубликовано: 28 авг. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Средний

Описание

Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.

Ссылки

https://security.netapp.com/advisory/ntap-20200918-0003/
Third Party Advisory
https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read/
Exploit
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200918-0003/
Third Party Advisory
https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*

Версия до 6.4.3 (включая)

EPSS

Процентиль: 97%

0.37437

Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2019-19499

CVSS3: 6.5

ubuntu

почти 5 лет назад

Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.

CVE-2019-19499

CVSS3: 6.5

redhat

почти 5 лет назад

Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.

CVE-2019-19499

CVSS3: 6.5

debian

почти 5 лет назад

Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could ...

GHSA-4pwp-cx67-5cpx

CVSS3: 6.5

github

больше 1 года назад

Grafana Arbitrary File Read

ELSA-2020-4682

oracle-oval

больше 4 лет назад

ELSA-2020-4682: grafana security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 97%

0.37437

Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89