{"id":"CVE-2020-12459","details":"In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.","aliases":["BIT-grafana-2020-12459","GHSA-m25m-5778-fm22","GO-2024-2519"],"modified":"2026-04-02T02:10:34.118955Z","published":"2020-04-29T16:15:11.823Z","related":["ALSA-2020:4682"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A/"},{"type":"ADVISORY","url":"https://github.com/grafana/grafana/issues/8283"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200518-0004/"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2020-12459"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829724"},{"type":"FIX","url":"https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/grafana/grafana","events":[{"introduced":"34a9a621b6b6f14d9ad15690d0a38047905b5423"},{"last_affected":"fdd211758ec635ce6291f9690f38397cd8169874"}],"database_specific":{"versions":[{"introduced":"6.0.0"},{"last_affected":"6.3.6"}]}}],"versions":["v6.0.0","v6.0.1","v6.0.2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12459.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}