Threat Encyclopedia



This indicates an attack attempt against an Information Disclosure vulnerability in Grafana.
A remote, authenticated attacker can exploit this vulnerability by creating a crafted dashboard panel then requesting a static render of the panel. Successful exploitation results in the disclosure of arbitrary file contents from the target server.

affected-products-logoAffected Products

Grafana Labs Grafana 4.x prior to 4.6.5
Grafana Labs Grafana 5.x prior to 5.3.3

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor supplied advisory for updates:

CVE References


Telemetry logoTelemetry