Incorrect Permission Assignment for Critical Resource
CVE-2020-12458
Summary
An information-disclosure flaw was found in Grafana. The database directory "/var/lib/grafana" and database file "/var/lib/grafana/grafana.db" are world readable. This can result in the exposure of sensitive information (e.g., cleartext or encrypted data source passwords). This issue affects the package github.com/grafana/grafana versions prior to 7.2.0-beta1. This has the same fix as CVE-2020-12459.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
References
Advisory Timeline
- Published
