|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-02-19 | |
| Rule Name: | Grafana Labs Grafana Direct Link Rendered Image Arbitrary File Read Vulnerability (CVE-2018-19039) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | |
| Impact: | Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:105994 https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961 https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/ |
|
| Solutions |
|---|
| Upgrading to version 4.6.5 or 5.3.3 eliminates this vulnerability. |