Threat Encyclopedia

Grafana.Labs.Grafana.Direct.Link.Image.Information.Disclosure

Description

This indicates an attack attempt against an Information Disclosure vulnerability in Grafana.
A remote, authenticated attacker can exploit this vulnerability by creating a crafted dashboard panel and then requesting a static render of the panel. Successful exploitation results in the disclosure of arbitrary file contents from the target server.

Affected Products

Grafana Labs Grafana 4.x prior to 4.6.5
Grafana Labs Grafana 5.x prior to 5.3.3

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor-supplied advisory for updates:
https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961

CVE References

CVE-2018-19039
