World Readable Configuration Files in Red Hat Grafana Packages

CVE-2020-12459 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
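A host can be checked for this condition by testing the "other" read bit on the two files named above. The script below is an added example, not part of the advisory or of any Red Hat or Grafana tooling; the function names and the `AUDIT_RC` variable are hypothetical, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: audit for the world-readable condition in CVE-2020-12459.
# The two paths come from the advisory; function names are this example's own.
# Checks mode bits only; POSIX ACLs are not inspected.

GRAFANA_SECRET_FILES="/etc/grafana/grafana.ini /etc/grafana/ldap.toml"

# Print the octal mode of a file (GNU stat, as shipped on Red Hat systems).
file_mode() {
    stat -c '%a' -- "$1"
}

# Return 0 if "other" has the read bit set, 1 if not, 2 if stat fails.
is_world_readable() {
    mode=$(file_mode "$1") || return 2
    other=${mode#"${mode%?}"}      # last octal digit = permissions for "other"
    [ $((other & 4)) -ne 0 ]
}

# Print one line per file; return 1 if any existing file is world readable.
audit_files() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "SKIP  $f (not present)"
        elif is_world_readable "$f"; then
            echo "FAIL  $f mode=$(file_mode "$f") owner=$(stat -c '%U:%G' -- "$f")"
            rc=1
        else
            echo "OK    $f mode=$(file_mode "$f")"
        fi
    done
    return "$rc"
}

# Audit the advisory's paths; AUDIT_RC is 1 when a file is exposed.
AUDIT_RC=0
# shellcheck disable=SC2086  # intentional word splitting of the path list
audit_files $GRAFANA_SECRET_FILES || AUDIT_RC=$?
```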
