{"id":"GHSA-3jq7-8ph8-63xm","summary":"Grafana information disclosure","details":"An information-disclosure flaw was found in Grafana. The database directory `/var/lib/grafana` and database file `/var/lib/grafana/grafana.db` are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).","aliases":["BIT-grafana-2020-12458","CVE-2020-12458","GO-2024-2513"],"modified":"2024-11-18T16:26:25Z","published":"2022-05-24T17:16:53Z","database_specific":{"github_reviewed":true,"github_reviewed_at":"2024-02-01T21:46:49Z","cwe_ids":["CWE-312","CWE-732"],"severity":"HIGH","nvd_published_at":"2020-04-29T16:15:00Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12458"},{"type":"WEB","url":"https://github.com/grafana/grafana/issues/8283"},{"type":"WEB","url":"https://github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2020-12458"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827765"},{"type":"PACKAGE","url":"https://github.com/grafana/grafana"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20200518-0001"}],"affected":[{"package":{"name":"github.com/grafana/grafana","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/grafana"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"7.2.1"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3jq7-8ph8-63xm/GHSA-3jq7-8ph8-63xm.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}]}