GHSA-m25m-5778-fm22, CVE-2020-12459
go/github.com/grafana/grafana
Incorrect Permission Assignment for Critical Resource
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secretkey and a bindpassword) are world readable.
All versions starting from 6.0 before 7.2.1
Upgrade to version 7.2.1 or above.
2024-02-02
source |