6.5
CVE-2018-19039
- EPSS 9.54%
- Veröffentlicht 13.12.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:12
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Ceph Storage Version3.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Workstation Version7.0
Netapp ≫ Active Iq Performance Analytics Services Version-
Netapp ≫ Storagegrid Webscale Nas Bridge Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.54% | 0.925 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.