6.5
CVE-2018-19039
- EPSS 9.54%
- Published 13.12.2018 19:29:00
- Last modified 21.11.2024 03:57:12
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Ceph Storage Version3.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Workstation Version7.0
Netapp ≫ Active Iq Performance Analytics Services Version-
Netapp ≫ Storagegrid Webscale Nas Bridge Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.54% | 0.925 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.