CVE-2019-19499
Published 2020-08-28
CVE-2019-19499: Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source…
Priority P3 · 40 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 3.59% (88.0th percentile)
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | grafana_grafana | >= 0 < 6.4.4 | 6.4.4 |
| grafana | grafana | <= 6.4.3 | — |
CVSS provenance
nvd · v3.1 · 6.5 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:P/I:N/A:N
osv · 6.5 · MEDIUM
vendor_redhat · 6.5 · MEDIUM
OSV
Arbitrary file read in github.com/grafana/grafana
osv·2024-03-28
CVE-2019-19499 Arbitrary file read in github.com/grafana/grafana
An authenticated attacker that has privileges to modify the data source configurations can read arbitrary files.
GHSA
Grafana Arbitrary File Read
ghsa·2024-01-31
CVE-2019-19499 [MEDIUM] CWE-200 Grafana Arbitrary File Read
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
OSV
Grafana Arbitrary File Read
osv·2024-01-31
CVE-2019-19499 [MEDIUM] Grafana Arbitrary File Read
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
OSV
CVE-2019-19499: Grafana <= 6
osv·2020-08-28·CVSS 6.5
CVE-2019-19499 [MEDIUM] CVE-2019-19499: Grafana <= 6
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
Red Hat
grafana: arbitrary file read via MySQL data source
vendor_redhat·2020-08-27·CVSS 6.5
CVE-2019-19499 [MEDIUM] CWE-88 grafana: arbitrary file read via MySQL data source
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
Grafana has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
Statement: A vulnerable version of Grafana is shipped in OpenShift 3.11 and OpenShift ServiceMesh; however, Prometheus is used as a data source, and modification to MySQL requires full control of the grafana component. Access is restricted to authenticated users only by OpenShift OAuth. As OpenShift and OpenShift ServiceMesh still package the vulnerable code, the components are affected but with impact
No detection rules found.
No public exploits indexed.
Published: 2020-08-28