CVE-2018-19039: Sensitive Information Exposure in Grafana

Severity
6.5 MEDIUM (NVD)
EPSS
9.2%
top 7.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 13
Latest update: May 13

Description

Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Patches

🔴Vulnerability Details

3
GHSA
GHSA-7vqc-8389-rvvr: Grafana before 4 (2022-05-13)
CVEList
CVE-2018-19039: Grafana before 4 (2018-12-13)
OSV
CVE-2018-19039: Grafana before 4 (2018-12-13)

📋Vendor Advisories

1
Red Hat
grafana: File exfiltration (2018-11-13)

💬Community

1
Bugzilla
CVE-2018-19039 grafana: File exfiltration (2018-11-14)