Intrusion Prevention



This indicates an attack attempt against an Information Disclosure vulnerability in Grafana.
A remote, authenticated attacker can exploit this vulnerability by creating a crafted dashboard panel then requesting a static render of the panel. Successful exploitation results in the disclosure of arbitrary file contents from the target server.

Affected Products

Grafana Labs Grafana 4.x prior to 4.6.5
Grafana Labs Grafana 5.x prior to 5.3.3


Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor supplied advisory for updates:

CVE References