CVE-2020-12458

Incorrect Permission Assignment for Critical Resource in go/github.com/grafana/grafana

Identifiers

GHSA-3jq7-8ph8-63xm, CVE-2020-12458

Package Slug

go/github.com/grafana/grafana

Vulnerability

Incorrect Permission Assignment for Critical Resource

Description

An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).

Affected Versions

All versions before 7.2.1

Solution

Upgrade to version 7.2.1 or above.

Last Modified

2024-02-02

source