Vulnerability Report: GO-2024-2661

CVE-2019-19499, GHSA-4pwp-cx67-5cpx
Affects: github.com/grafana/grafana
Published: Mar 28, 2024
Modified: Jul 09, 2024

An authenticated attacker that has privileges to modify the data source configurations can read arbitrary files.

Affected Modules

Path

Go Versions

Custom Versions^*
github.com/grafana/grafana

all versions, no known fixed

before 6.4.4

^{*Custom versions, which can't be mapped automatically to standard Go module versions, are ignored by govulncheck. (See this note on versions for more details.)}

Aliases

CVE-2019-19499
GHSA-4pwp-cx67-5cpx

References

https://github.com/grafana/grafana/pull/20192
https://github.com/grafana/grafana/blob/master/CHANGELOG.md#644-2019-11-06
https://security.netapp.com/advisory/ntap-20200918-0003
https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read
https://vuln.go.dev/ID/GO-2024-2661.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL