Home

CVE-2020-12458

Description

An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.07

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2020-12458 are affected in GrafanaEnterprise 6.7.3Windows
Grafana update (ELSA-2023-6972) grafana-9.2.10-7.el8_9.x86_64.rpmLinux
Grafana update (ELSA-2020-4682) grafana-6.7.4-3.el8.x86_64.rpmLinux
Grafana-azure-monitor update (ELSA-2020-4682) grafana-azure-monitor-6.7.4-3.el8.x86_64.rpmLinux
Grafana-cloudwatch update (ELSA-2020-4682) grafana-cloudwatch-6.7.4-3.el8.x86_64.rpmLinux
Grafana-elasticsearch update (ELSA-2020-4682) grafana-elasticsearch-6.7.4-3.el8.x86_64.rpmLinux
Grafana-graphite update (ELSA-2020-4682) grafana-graphite-6.7.4-3.el8.x86_64.rpmLinux
Grafana-influxdb update (ELSA-2020-4682) grafana-influxdb-6.7.4-3.el8.x86_64.rpmLinux
Grafana-loki update (ELSA-2020-4682) grafana-loki-6.7.4-3.el8.x86_64.rpmLinux
Grafana-mssql update (ELSA-2020-4682) grafana-mssql-6.7.4-3.el8.x86_64.rpmLinux
Grafana-mysql update (ELSA-2020-4682) grafana-mysql-6.7.4-3.el8.x86_64.rpmLinux
Grafana-opentsdb update (ELSA-2020-4682) grafana-opentsdb-6.7.4-3.el8.x86_64.rpmLinux
Grafana-postgres update (ELSA-2020-4682) grafana-postgres-6.7.4-3.el8.x86_64.rpmLinux
Grafana-prometheus update (ELSA-2020-4682) grafana-prometheus-6.7.4-3.el8.x86_64.rpmLinux
Grafana-stackdriver update (ELSA-2020-4682) grafana-stackdriver-6.7.4-3.el8.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-335779GrafanaEnterprise (10.3.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234