Grafana Cleartext Storage of Sensitive Information Vulnerability - CVE-2020-12458 - Vulnerability Database

Grafana Cleartext Storage of Sensitive Information Vulnerability - CVE-2020-12458

Medium

Reference: CVE-2020-12458

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-12458

Title: Grafana Cleartext Storage of Sensitive Information Vulnerability

Overview:

An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g. cleartext or encrypted datasource passwords).