Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:CVE-2018-19039-INFO-DIS
Severity	Minor
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Grafana Labs Grafana Direct Link Rendered Image Arbitrary File Read
Release Date	2019/02/26
Update Number	3145
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Grafana Labs Grafana Direct Link Rendered Image Arbitrary File Read

This signature detects attempts to exploit a known vulnerability against Grafana. Successful exploitation could result in the disclosure of the contents of arbitrary files.

Extended Description

Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.

Affected Products

Grafana grafana 1.0
Grafana grafana 1.0.1
Grafana grafana 1.0.2
Grafana grafana 1.0.3
Grafana grafana 1.0.4
Grafana grafana 1.1.0
Grafana grafana 1.2.0
Grafana grafana 1.3.0
Grafana grafana 1.4.0
Grafana grafana 1.5.0
Grafana grafana 1.5.1
Grafana grafana 1.5.2
Grafana grafana 1.5.3
Grafana grafana 1.5.4
Grafana grafana 1.6.0
Grafana grafana 1.6.1
Grafana grafana 1.7.0
Grafana grafana 1.8.0
Grafana grafana 1.8.1
Grafana grafana 1.9.0
Grafana grafana 1.9.1
Grafana grafana 2.0.0
Grafana grafana 2.0.1
Grafana grafana 2.0.2
Grafana grafana 2.1.0
Grafana grafana 2.1.1
Grafana grafana 2.1.2
Grafana grafana 2.1.3
Grafana grafana 2.5.0
Grafana grafana 2.6.0
Grafana grafana 3.0.0
Grafana grafana 3.0.1
Grafana grafana 3.0.2
Grafana grafana 3.0.3
Grafana grafana 3.0.4
Grafana grafana 3.1.0
Grafana grafana 3.1.1
Grafana grafana 4.0.0
Grafana grafana 4.0.1
Grafana grafana 4.0.2
Grafana grafana 4.1.0
Grafana grafana 4.1.1
Grafana grafana 4.1.2
Grafana grafana 4.2.0
Grafana grafana 4.3.0
Grafana grafana 4.3.1
Grafana grafana 4.3.2
Grafana grafana 4.4.0
Grafana grafana 4.4.1
Grafana grafana 4.4.2
Grafana grafana 4.4.3
Grafana grafana 4.5.0
Grafana grafana 4.5.1
Grafana grafana 4.5.2
Grafana grafana 4.6.0
Grafana grafana 4.6.1
Grafana grafana 4.6.2
Grafana grafana 4.6.3
Grafana grafana 4.6.4
Grafana grafana 5.0.0
Grafana grafana 5.0.1
Grafana grafana 5.0.2
Grafana grafana 5.0.3
Grafana grafana 5.0.4
Grafana grafana 5.1.0
Grafana grafana 5.1.1
Grafana grafana 5.1.2
Grafana grafana 5.1.3
Grafana grafana 5.1.4
Grafana grafana 5.1.5
Grafana grafana 5.2.0
Grafana grafana 5.2.1
Grafana grafana 5.2.2
Grafana grafana 5.2.3
Grafana grafana 5.2.4
Grafana grafana 5.2.5
Grafana grafana 5.3.0
Grafana grafana 5.3.1
Grafana grafana 5.3.2
Netapp active_iq_performance_analytics_services -
Netapp storagegrid_webscale_nas_bridge -
Redhat ceph_storage 3.0
Redhat enterprise_linux_desktop 7.0
Redhat enterprise_linux_server 7.0
Redhat enterprise_linux_workstation 7.0

References

BugTraq: 105994
CVE: CVE-2018-19039
URL: https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Grafana Labs Grafana Direct Link Rendered Image Arbitrary File Read

Extended Description

Affected Products

References