BID:105994

Grafana CVE-2018-19039 Information Disclosure Vulnerability

CVE-2018-19039 |

Info

Grafana CVE-2018-19039 Information Disclosure Vulnerability

Bugtraq ID:	105994
Class:	Unknown
CVE:	CVE-2018-19039
Remote:	Yes
Local:	No
Published:	Nov 23 2018 12:00AM
Updated:	Nov 23 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Redhat OpenStack Platform Operational Tools 9 Redhat OpenShift Enterprise 3.11 Redhat Enterprise Linux OpenStack Platform 8.0.Operational Tools for RH 7 Grafana Grafana 5.3.2 Grafana Grafana 5.2.3 Grafana Grafana 5.2.2 Grafana Grafana 5.2.1 Grafana Grafana 5.2 Grafana Grafana 5.1.5 Grafana Grafana 5.1.4 Grafana Grafana 5.1 Grafana Grafana 5.0 Grafana Grafana 4.1.2 Grafana Grafana 4.1

Not Vulnerable:	Grafana Grafana 5.3.3 Grafana Grafana 4.6.5

Discussion

Grafana CVE-2018-19039 Information Disclosure Vulnerability

Grafana is prone to an information-disclosure vulnerability.

Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks.

Grafana 4.1 through 5.3.2 are vulnerable; other versions may also be affected.

Exploit / POC

Grafana CVE-2018-19039 Information Disclosure Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Grafana CVE-2018-19039 Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Grafana CVE-2018-19039 Information Disclosure Vulnerability

References:

Grafana Home Page (Grafana)
Bug 1649697 - (CVE-2018-19039) CVE-2018-19039 grafana: File exfiltration (Redhat)
CVE-2018-19039 (Redhat)
Grafana 5.3.3 and 4.6.5 Security Update (Grafana)