Intrusion Prevention

Grafana.Labs.Grafana.Direct.Link.Image.Information.Disclosure

Description

This indicates an attack attempt against an Information Disclosure vulnerability in Grafana.
A remote, authenticated attacker can exploit this vulnerability by creating a crafted dashboard panel and then requesting a static render of the panel. Successful exploitation results in the disclosure of arbitrary file contents from the target server.

Affected Products

Grafana Labs Grafana 4.x prior to 4.6.5
Grafana Labs Grafana 5.x prior to 5.3.3
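
To triage an inventory against the affected ranges listed above, the following added example (not part of the vendor advisory or the signature) classifies Grafana version strings. The host names and versions in the inventory are constructed, and treating a pre-release tag on a fixed version as still affected is an assumption made here to stay conservative.

```python
import re

# First fixed release for each affected major line, as listed on this page.
FIXED = {4: (4, 6, 5), 5: (5, 3, 3)}

# major.minor.patch with an optional leading "v" and optional "-suffix".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")


def parse_version(text):
    """Return ((major, minor, patch), has_suffix), or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    core = tuple(int(part) for part in m.group(1, 2, 3))
    return core, m.group(4) is not None


def classify(text):
    """Classify one version string against the ranges on this page."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparseable"      # needs manual review, never assume safe
    core, has_suffix = parsed
    fixed = FIXED.get(core[0])
    if fixed is None:
        return "not-listed"       # the page makes no claim about this major
    # Tuples compare numerically, so 4.10.0 sorts after 4.6.5.
    # Assumption: "5.3.3-beta1" predates 5.3.3 and is treated as affected.
    if core < fixed or (core == fixed and has_suffix):
        return "affected"
    return "fixed"


def triage(inventory):
    """Map each host in {host: version} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "grafana-a.example": "4.6.4",
    "grafana-b.example": "v5.3.3",
    "grafana-c.example": "5.3.3-beta1",
    "grafana-d.example": "latest",
}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host}\t{INVENTORY[host]}\t{status}")
```

Hosts reported as "unparseable" or "not-listed" still need a manual check, since this page only states ranges for the 4.x and 5.x lines.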

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor-supplied advisory for updates:
https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961

CVE References

CVE-2018-19039