{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55467?format=json","vulnerability_id":"VCID-amqf-ytjf-fydp","summary":"Grafana world readable configuration files\nIn certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files `/etc/grafana/grafana.ini` and `/etc/grafana/ldap.toml` (which contain a secret_key and a bind_password) are world readable.","aliases":[{"alias":"CVE-2020-12459"},{"alias":"GHSA-m25m-5778-fm22"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102415?format=json","purl":"pkg:rpm/redhat/grafana@6.7.4-3?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-amqf-ytjf-fydp"},{"vulnerability":"VCID-drfs-tub9-zqgg"},{"vulnerability":"VCID-ed2w-eexq-kuam"},{"vulnerability":"VCID-fph7-rrjp-uqa1"},{"vulnerability":"VCID-snvt-p8kr-2ucq"},{"vulnerability":"VCID-txvc-2hvr-nkaj"},{"vulnerability":"VCID-w8d1-se9j-e7ew"},{"vulnerability":"VCID-y46u-m8e4-9qcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@6.7.4-3%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/103552?format=json","purl":"pkg:rpm/redhat/jaeger@1.13.1.redhat7-1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5618-53yg-8qh4"},{"vulnerability":"VCID-amqf-ytjf-fydp"},{"vulnerability":"VCID-bhnm-47u8-zfhr"},{"vulnerability":"VCID-dzeb-zu9x-g3bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jaeger@1.13.1.redhat7-1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/103550?format=json","purl":"pkg:rpm/redhat/kiali@1.0.11.redhat1-1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5618-53yg-8qh4"},{"vulnerability":"VCID-amqf-ytjf-fydp"},{"vulnerability":"VCID-bhnm-47u8-zfhr"},{"vulnerability":"VCID-dzeb-zu9x-g3bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kiali@1.0.11.redhat1-1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/103551?format=json","purl":"pkg:rpm/redhat/servicemesh-grafana@6.2.2-36?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5618-53yg-8qh4"},{"vulnerability":"VCID-amqf-ytjf-fydp"},{"vulnerability":"VCID-bhnm-47u8-zfhr"},{"vulnerability":"VCID-dzeb-zu9x-g3bq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh-grafana@6.2.2-36%3Farch=el8"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12459.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12459.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2020-12459","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2020-12459"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12459","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24967","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24907","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24836","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24958","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25003","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25015","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25177","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24992","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24914","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24892","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25103","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25184","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25138","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25068","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25295","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25257","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25074","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25104","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25113","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12459"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827765","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827765"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829724","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829724"},{"reference_url":"https://github.com/grafana/grafana","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana"},{"reference_url":"https://github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00"},{"reference_url":"https://github.com/grafana/grafana/issues/8283","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/issues/8283"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12459","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12459"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200518-0004","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200518-0004"},{"reference_url":"https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2362","reference_id":"RHSA-2020:2362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4682","reference_id":"RHSA-2020:4682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4682"}],"weaknesses":[{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."},{"cwe_id":732,"name":"Incorrect Permission Assignment for Critical Resource","description":"The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors."}],"exploits":[],"severity_range_score":"5.5 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amqf-ytjf-fydp"}