Description
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2020-2654 Vulnerability (CVE-2020-2654)
Nginx Integer Overflow or Wraparound Vulnerability (CVE-2017-7529)
WordPress Plugin WP Editor.md Cross-Site Scripting (10.0.1)
Moodle Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9186)
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-4613)