CVE-2019-19499: Grafana Arbitrary File Read
(updated )
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
References
- github.com/advisories/GHSA-4pwp-cx67-5cpx
- github.com/grafana/grafana
- github.com/grafana/grafana/blob/master/CHANGELOG.md
- github.com/grafana/grafana/commit/19dbd27c5caa1a160bd5854b65a4e1fe2a8a4f00
- github.com/grafana/grafana/pull/20192
- nvd.nist.gov/vuln/detail/CVE-2019-19499
- security.netapp.com/advisory/ntap-20200918-0003
Detect and mitigate CVE-2019-19499 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →