HTTP: Grafana Labs Grafana Direct Link Rendered Image Arbitrary File Read

This signature detects attempts to exploit a known vulnerability against Grafana. Successful exploitation could result in the disclosure of the contents of arbitrary files.

Extended Description

Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.

Affected Products

Netapp active_iq_performance_analytics_services

Short Name
HTTP:CVE-2018-19039-INFO-DIS
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary CVE-2018-19039 Direct File Grafana Image Labs Link Read Rendered bid:105994
Release Date
02/26/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3693
False Positive
Unknown
Vendors

Netapp

Redhat

Grafana

CVSS Score

4.0
