2 matches found
CVE-2018-19039
Grafana CVE-2018-19039 affects Grafana before 4.6.5 and 5.x before 5.3.3, allowing remote authenticated users with Editor or Admin perms to read arbitrary files. Root cause is a file-read exposure via dashboards/editors. Upgrading to Grafana 4.6.5 or 5.3.3+ mitigates the issue; check vendor advis...
CVE-2018-12099
Grafana prior to 5.2.0-beta1 is affected by XSS in dashboard links (CVE-2018-12099). The issue stems from an incomplete fix, with later Nessus entries noting unpatched vectors in Grafana 5.3.1 related to this CVE. Remediation: upgrade to Grafana 5.2.0-beta1 or newer where the fix is included.