6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.029 Low
EPSS
Percentile
90.7%
Severity: High
Date : 2018-11-15
CVE-ID : CVE-2018-19039
Package : grafana
Type : arbitrary filesystem access
Remote : Yes
Link : https://security.archlinux.org/AVG-811
The package grafana before version 5.3.4-1 is vulnerable to arbitrary
filesystem access.
Upgrade to 5.3.4-1.
The problem has been fixed upstream in version 5.3.4.
None.
Al security issue has been found in grafana before 5.3.3, that could
allow any users with Editor or Admin permissions in Grafana to read any
file that the Grafana process can read from the filesystem. Note, that
in order to exploit this you would need to be logged in to the system
as a legitimate user with Editor or Admin permissions.
A remote, authenticated attacker is able to read any file that is
accessible to the Grafana process.
https://grafana.com/blog/2018/11/13/grafana-5.3.3-and-4.6.5-released-with-important-security-fix/
https://security.archlinux.org/CVE-2018-19039
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.029 Low
EPSS
Percentile
90.7%