Red Hat CVE (redhat.com): RH:CVE-2020-12459
Apr 30, 2020 - 8:11 a.m.

CVE-2020-12459

EPSS: 0.0005 (Low), percentile 16.8%

An information-disclosure flaw was found in Grafana distributed by Red Hat. This flaw allows a local attacker access to potentially sensitive information such as secret_key and a bind_password from the world-readable files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml.

Mitigation

Manually change the file permissions to remove the read bit for others:

chmod 640 /etc/grafana/grafana.ini /etc/grafana/ldap.toml
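
A check for the condition described above, with the mitigation applied on request. This is an added example, not part of the Red Hat advisory; the function names are hypothetical and it assumes GNU stat, as shipped on RHEL.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the two Grafana config files
# named above for permission bits granted to "others", optionally applying
# the advisory's chmod 640. Assumes GNU stat; function names are hypothetical.

GRAFANA_FILES="/etc/grafana/grafana.ini /etc/grafana/ldap.toml"

# other_bits_set FILE
# Returns 0 if "others" have any access, 1 if not, 2 if the file is missing.
other_bits_set() {
    [ -e "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2
    # The leading 0 makes the shell read the mode as octal; & 7 keeps the
    # last permission digit, which is the one that applies to "others".
    [ $(( 0$mode & 7 )) -ne 0 ]
}

# audit_files [--fix] FILE...
# Prints one status line per file. Returns 0 when no file is left exposed.
audit_files() {
    fix=0
    if [ "$1" = "--fix" ]; then fix=1; shift; fi
    findings=0
    for f in "$@"; do
        rc=0
        other_bits_set "$f" || rc=$?
        case $rc in
            0)  # 640 keeps group read: confirm the group owner is the
                # account Grafana runs as before relying on it.
                if [ "$fix" -eq 1 ] && chmod 640 "$f"; then
                    echo "FIXED   $f"
                else
                    echo "EXPOSED $f (mode $mode)"
                    findings=$((findings + 1))
                fi ;;
            1)  echo "OK      $f" ;;
            2)  echo "MISSING $f" ;;  # ldap.toml is absent if LDAP is unused
        esac
    done
    [ "$findings" -eq 0 ]
}

# Run only when file arguments are given, e.g.:
#   sh audit.sh --fix /etc/grafana/grafana.ini /etc/grafana/ldap.toml
if [ "$#" -gt 0 ]; then audit_files "$@"; fi
```

Without --fix the function only reports, so it can run as a recurring compliance check that fails when either file becomes readable by others again, for example after a package update or a configuration-management run resets the mode.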