Description
Due to a vulnerability in Grafana, an attacker can use it to perform a path traversal attack and access sensitive information on the server, which may lead to a takeover of the server.
Remediation
Upgrade to the latest version of Grafana
References
Related Vulnerabilities
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3818)
TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-5743)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3662)
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21673)