CVE-2019-19499

Description

Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker who has privileges to modify the data source configurations.

Risk Information

Base Score: 6.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 43.86

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2019-19499 are affected in GrafanaEnterprise 6.4.3 | Windows
Grafana update (ELSA-2020-4682) grafana-6.7.4-3.el8.x86_64.rpm | Linux
Grafana-azure-monitor update (ELSA-2020-4682) grafana-azure-monitor-6.7.4-3.el8.x86_64.rpm | Linux
Grafana-cloudwatch update (ELSA-2020-4682) grafana-cloudwatch-6.7.4-3.el8.x86_64.rpm | Linux
Grafana-elasticsearch update (ELSA-2020-4682) grafana-elasticsearch-6.7.4-3.el8.x86_64.rpm | Linux
Grafana-graphite update (ELSA-2020-4682) grafana-graphite-6.7.4-3.el8.x86_64.rpm | Linux
Grafana-influxdb update (ELSA-2020-4682) grafana-influxdb-6.7.4-3.el8.x86_64.rpm | Linux
Grafana-loki update (ELSA-2020-4682) grafana-loki-6.7.4-3.el8.x86_64.rpm | Linux
Grafana-mssql update (ELSA-2020-4682) grafana-mssql-6.7.4-3.el8.x86_64.rpm | Linux
Grafana-mysql update (ELSA-2020-4682) grafana-mysql-6.7.4-3.el8.x86_64.rpm | Linux
Grafana-opentsdb update (ELSA-2020-4682) grafana-opentsdb-6.7.4-3.el8.x86_64.rpm | Linux
Grafana-postgres update (ELSA-2020-4682) grafana-postgres-6.7.4-3.el8.x86_64.rpm | Linux
Grafana-prometheus update (ELSA-2020-4682) grafana-prometheus-6.7.4-3.el8.x86_64.rpm | Linux
Grafana-stackdriver update (ELSA-2020-4682) grafana-stackdriver-6.7.4-3.el8.x86_64.rpm | Linux

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-335779 | GrafanaEnterprise (10.3.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234