Description
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
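A check for the condition described above, as an added example that is not part of the original advisory or of any Red Hat or Grafana tooling: it reports which of the two files carry the "other" read bit and names the secret settings they hold, without printing the values. The helper name `audit_world_readable` is hypothetical, and the key matching assumes uncommented `key = value` lines.

```shell
#!/bin/sh
# Added example (not from the advisory): report config files that carry the
# "other" read bit and name which secret settings they hold.
# audit_world_readable is a hypothetical helper name.

# Args: paths to check. Prints one line per world-readable file.
# Returns 1 if any file is world-readable, 0 otherwise.
audit_world_readable() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue   # e.g. ldap.toml absent when LDAP is unused
        # -perm -004 is true when the others-read bit is set in the mode.
        [ -n "$(find "$f" -prune -perm -004 -print 2>/dev/null)" ] || continue
        perms=$(ls -ld "$f" | awk '{print $1}')
        keys=""
        # Report setting names only, never values. Commented-out lines
        # (";" or "#" prefix) do not match.
        for k in secret_key bind_password; do
            if grep -Eq "^[[:space:]]*${k}[[:space:]]*=" "$f" 2>/dev/null; then
                keys="$keys $k"
            fi
        done
        printf '%s %s exposes:%s\n' "$perms" "$f" "${keys:- (none set)}"
        found=1
    done
    return "$found"
}

# The two paths named in the description.
audit_world_readable /etc/grafana/grafana.ini /etc/grafana/ldap.toml ||
    echo "world-readable Grafana configuration found" >&2
```

A file reported here should be readable only by root and the account the Grafana service runs as; any secret it held while world-readable should be treated as disclosed and rotated.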
Remediation