Description
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
A security issue was found that could allow any user with Editor or Admin permissions in Grafana to read any file that the Grafana process can read from the filesystem. However, in order to exploit this issue you would need to be logged in to the system as a legitimate user with Editor or Admin permissions.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat OpenShift Container Platform 3.11 | openshift3/grafana | Affected | ||
Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Not affected | ||
Red Hat OpenStack Platform 8 (Liberty) Operational Tools | grafana | Will not fix | ||
Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | grafana | Will not fix | ||
Red Hat Storage 3 | grafana | Affected | ||
Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7 | ceph | Fixed | RHSA-2019:0747 | 11.04.2019 |
Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7 | grafana | Fixed | RHSA-2019:0747 | 11.04.2019 |
Red Hat Ceph Storage 3.2 | ceph | Fixed | RHSA-2019:0911 | 30.04.2019 |
Red Hat Ceph Storage 3.2 | ceph-ansible | Fixed | RHSA-2019:0911 | 30.04.2019 |
Red Hat Ceph Storage 3.2 | grafana | Fixed | RHSA-2019:0911 | 30.04.2019 |
Additional information
Status:
EPSS
6.5 Medium
CVSS3