Description
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
Remediation
References
Related Vulnerabilities
Apache HTTP Server CVE-2012-0053 Vulnerability (CVE-2012-0053)
IBM WebSEAL Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-4707)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8628)
PHP Other Vulnerability (CVE-2000-0967)
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-23798)