High severityNVD Advisory· Published Apr 29, 2020· Updated Aug 4, 2024
CVE-2020-12459
CVE-2020-12459
Description
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/grafana/grafanaGo | >= 6.0.0-beta1, < 7.2.1 | 7.2.1 |
Affected products
24- Grafana/Grafanadescription
- osv-coords23 versionspkg:apk/chainguard/grafana-fips-11.6pkg:apk/chainguard/grafana-fips-12.0pkg:apk/chainguard/grafana-fips-12.1pkg:apk/chainguard/grafana-fips-12.2pkg:apk/chainguard/grafana-fips-12.3pkg:apk/chainguard/grafana-fips-12.4pkg:apk/chainguard/grafana-fips-13.0pkg:apk/chainguard/grafana-fips-13.1pkg:bitnami/grafanapkg:golang/github.com/grafana/grafanapkg:rpm/almalinux/grafanapkg:rpm/almalinux/grafana-azure-monitorpkg:rpm/almalinux/grafana-cloudwatchpkg:rpm/almalinux/grafana-elasticsearchpkg:rpm/almalinux/grafana-graphitepkg:rpm/almalinux/grafana-influxdbpkg:rpm/almalinux/grafana-lokipkg:rpm/almalinux/grafana-mssqlpkg:rpm/almalinux/grafana-mysqlpkg:rpm/almalinux/grafana-opentsdbpkg:rpm/almalinux/grafana-postgrespkg:rpm/almalinux/grafana-prometheuspkg:rpm/almalinux/grafana-stackdriver
< 0+ 22 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: >= 6.0.0, < 6.3.7
- (no CPE)range: >= 6.0.0-beta1, < 7.2.1
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
Patches
Vulnerability mechanics
References
14- github.com/advisories/GHSA-m25m-5778-fm22ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2020-12459ghsaADVISORY
- access.redhat.com/security/cve/CVE-2020-12459ghsax_refsource_CONFIRMWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
- github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00ghsaWEB
- github.com/grafana/grafana/issues/8283ghsax_refsource_MISCWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZSghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34AghsaWEB
- security.netapp.com/advisory/ntap-20200518-0004ghsaWEB
- security.netapp.com/advisory/ntap-20200518-0004/mitrex_refsource_CONFIRM
- src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.