Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00cHdwLWN4NjctNWNweM4AA6O3
Grafana Arbitrary File Read
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker who has privileges to modify the data source configurations.
Permalink: https://github.com/advisories/GHSA-4pwp-cx67-5cpx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00cHdwLWN4NjctNWNweM4AA6O3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: about 1 month ago
CVSS Score: 6.2
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
Identifiers: GHSA-4pwp-cx67-5cpx, CVE-2019-19499
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-19499
- https://github.com/grafana/grafana/pull/20192
- https://github.com/grafana/grafana/blob/master/CHANGELOG.md#644-2019-11-06
- https://security.netapp.com/advisory/ntap-20200918-0003/
- https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read/
- https://github.com/advisories/GHSA-4pwp-cx67-5cpx
Blast Radius: 1.0
Affected Packages
go:github.com/grafana/grafana/pkg/tsdb/mysql
Affected Version Ranges: < 6.4.4
Fixed in: 6.4.4