grafana - Arch Linux
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1034 | 6.3.3-1 | 6.3.4-1 | Medium | Fixed | |
| AVG-811 | 5.3.2-1 | 5.3.4-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-15043 | AVG-1034 | Medium | Yes | Denial of service | This vulnerability allows any unauthenticated user/client to access the Grafana snapshot HTTP API and create a denial of service attack by posting large... |
| CVE-2018-19039 | AVG-811 | High | Yes | Arbitrary filesystem access | Al security issue has been found in grafana before 5.3.3, that could allow any users with Editor or Admin permissions in Grafana to read any file that the... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 30 Aug 2019 | ASA-201908-21 | AVG-1034 | Medium | denial of service |
| 15 Nov 2018 | ASA-201811-15 | AVG-811 | High | arbitrary filesystem access |