Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2020-12459 - Vulnerability Database
Grafana

Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2020-12459

Medium
Reference: CVE-2020-12459
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-12459
Title: Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

In certain Red Hat packages for Grafana 6.x through 6.3.6 the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.