Description
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
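A check for the condition described above, added here as an example and not taken from the advisory or from Red Hat's packaging. The optional root-prefix argument, the `GRAFANA_ROOT` variable and the sample tree (including its mode 640 file) are hypothetical, constructed only so the check can be run against a test directory.

```shell
#!/bin/sh
# Added example: audit the two files named in the description for the
# "other" read bit. The root prefix is a hypothetical argument used only so
# the check can be pointed at a test tree; leave it empty on a real host.

GRAFANA_FILES="/etc/grafana/grafana.ini /etc/grafana/ldap.toml"

# Print each listed file that exists and is readable by "other".
# Returns 0 if none are world-readable, 1 if at least one is.
audit_grafana_perms() {
    root="${1:-}"
    rc=0
    for rel in $GRAFANA_FILES; do
        path="${root}${rel}"
        [ -e "$path" ] || continue
        # -perm -004 matches when the o+r bit is set; -prune stops descent.
        hit=$(find "$path" -prune -perm -004 -print)
        if [ -n "$hit" ]; then
            printf 'WORLD-READABLE %s\n' "$path"
            rc=1
        fi
    done
    return $rc
}

# Build a constructed test tree: one world-readable file, one restricted.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc/grafana"
    printf 'secret_key = CONSTRUCTED\n' > "$dir/etc/grafana/grafana.ini"
    printf 'bind_password = "CONSTRUCTED"\n' > "$dir/etc/grafana/ldap.toml"
    chmod 644 "$dir/etc/grafana/grafana.ini"
    chmod 640 "$dir/etc/grafana/ldap.toml"
    printf '%s\n' "$dir"
}

# Audit the live paths (or the tree under GRAFANA_ROOT, if set).
audit_grafana_perms "${GRAFANA_ROOT:-}" || echo "restrict the files listed above"
```

A file that is flagged has already exposed its `secret_key` or `bind_password` to every local account, so tightening the mode should be followed by rotating those values.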
Remediation
References