Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-amqf-ytjf-fydp

Summary

Grafana world readable configuration files
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files `/etc/grafana/grafana.ini` and `/etc/grafana/ldap.toml` (which contain a secret_key and a bind_password) are world readable.

Aliases

alias	CVE-2020-12459

alias	GHSA-m25m-5778-fm22

Fixed_packages

Affected_packages

url pkg:rpm/redhat/grafana@6.7.4-3?arch=el8

purl pkg:rpm/redhat/grafana@6.7.4-3?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-amqf-ytjf-fydp

vulnerability	VCID-drfs-tub9-zqgg

vulnerability	VCID-ed2w-eexq-kuam

vulnerability	VCID-fph7-rrjp-uqa1

vulnerability	VCID-snvt-p8kr-2ucq

vulnerability	VCID-txvc-2hvr-nkaj

vulnerability	VCID-w8d1-se9j-e7ew

vulnerability	VCID-y46u-m8e4-9qcn

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@6.7.4-3%3Farch=el8

url pkg:rpm/redhat/jaeger@1.13.1.redhat7-1?arch=el7

purl pkg:rpm/redhat/jaeger@1.13.1.redhat7-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5618-53yg-8qh4

vulnerability	VCID-amqf-ytjf-fydp

vulnerability	VCID-bhnm-47u8-zfhr

vulnerability	VCID-dzeb-zu9x-g3bq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jaeger@1.13.1.redhat7-1%3Farch=el7

url pkg:rpm/redhat/kiali@1.0.11.redhat1-1?arch=el7

purl pkg:rpm/redhat/kiali@1.0.11.redhat1-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5618-53yg-8qh4

vulnerability	VCID-amqf-ytjf-fydp

vulnerability	VCID-bhnm-47u8-zfhr

vulnerability	VCID-dzeb-zu9x-g3bq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kiali@1.0.11.redhat1-1%3Farch=el7

url pkg:rpm/redhat/servicemesh-grafana@6.2.2-36?arch=el8

purl pkg:rpm/redhat/servicemesh-grafana@6.2.2-36?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5618-53yg-8qh4

vulnerability	VCID-amqf-ytjf-fydp

vulnerability	VCID-bhnm-47u8-zfhr

vulnerability	VCID-dzeb-zu9x-g3bq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh-grafana@6.2.2-36%3Farch=el8

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12459.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12459.json

reference_url

https://access.redhat.com/security/cve/CVE-2020-12459

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2020-12459

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12459

reference_id

reference_type

scores

value	0.00088
scoring_system	epss
scoring_elements	0.25103
published_at	2026-04-13T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25156
published_at	2026-04-12T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25198
published_at	2026-04-11T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25184
published_at	2026-04-09T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25138
published_at	2026-04-08T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25068
published_at	2026-04-07T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25113
published_at	2026-04-16T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25104
published_at	2026-04-18T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25074
published_at	2026-04-21T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25295
published_at	2026-04-04T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25257
published_at	2026-04-02T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25177
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12459

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1827765

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1827765

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1829724

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1829724

reference_url

https://github.com/grafana/grafana

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/grafana/grafana

reference_url

https://github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00

reference_url

https://github.com/grafana/grafana/issues/8283

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/grafana/grafana/issues/8283

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-12459

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-12459

reference_url

https://security.netapp.com/advisory/ntap-20200518-0004

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200518-0004

reference_url

https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277

reference_url	https://access.redhat.com/errata/RHSA-2020:2362
reference_id	RHSA-2020:2362
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2362

reference_url	https://access.redhat.com/errata/RHSA-2020:4682
reference_id	RHSA-2020:4682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4682

Weaknesses

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

cwe_id	732
name	Incorrect Permission Assignment for Critical Resource
description	The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Exploits

Severity_range_score 5.5 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-amqf-ytjf-fydp

Vulnerability Instance