CVE-2020-12459

Incorrect Permission Assignment for Critical Resource in go/github.com/grafana/grafana

Identifiers

GHSA-m25m-5778-fm22, CVE-2020-12459

Package Slug

go/github.com/grafana/grafana

Vulnerability

Incorrect Permission Assignment for Critical Resource

Description

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secretkey and a bindpassword) are world readable.

Affected Versions

All versions starting from 6.0 before 7.2.1

Solution

Upgrade to version 7.2.1 or above.

Last Modified

2024-02-02

source