Lucene search
GoogleOSV:GHSA-RGJG-66CX-5X9MHistoryFeb 15, 2022 - 1:57 a.m.
Grafana Authentication Bypass
2022-02-1501:57:18
Google
osv.dev
28
Grafana before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid “remember me” cookie knowing only a username of an LDAP or OAuth user.
Specific Go Packages Affected
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/grafana/grafana | lt | 5.2.3 | |
| github.com/grafana/grafana | ge | 5.0.0 | |
| github.com/grafana/grafana | lt | 4.6.4 |
References
access.redhat.com/errata/RHSA-2018:3829
access.redhat.com/errata/RHSA-2019:0019
github.com/grafana/grafana/commit/7baecf0d0deae0d865e45cf03e082bc0db3f28c3
github.com/grafana/grafana/commit/df83bf10a225811927644bdf6265fa80bdea9137
grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix
nvd.nist.gov/vuln/detail/CVE-2018-15727
www.securityfocus.com/bid/105184
Related
prion
prion
Authentication flaw
2018-08-29 15:29:00
nvd
nvd
CVE-2018-15727
2018-08-29 15:29:00
CVE-2018-558213
2018-08-29 15:29:00
veracode
veracode
Authentication Bypass
2019-01-15 09:27:17
Authentication Bypass
2018-08-30 05:17:12
openvas
openvas
Grafana Authentication Bypass Vulnerability
2018-08-31 00:00:00
osv
osv
CVE-2018-15727
2018-08-29 15:29:00
redhat
redhat
(RHSA-2018:3829) Moderate: RHGS WA security and bug fix update
2018-12-17 04:49:19
(RHSA-2019:0019) Moderate: grafana security and bug fix update
2019-01-03 17:35:51
github
github
Grafana Authentication Bypass
2022-02-15 01:57:18
redhatcve
redhatcve
CVE-2018-15727
2018-08-30 22:18:55
cvelist
cvelist
CVE-2018-15727
2018-08-29 15:00:00
nessus
nessus
RHEL 7 : RHGS WA (RHSA-2018:3829)
2018-12-17 00:00:00
RHEL 7 : grafana (RHSA-2019:0019)
2019-01-07 00:00:00
ubuntucve
ubuntucve
CVE-2018-15727
2018-08-29 00:00:00
cve
cve
CVE-2018-15727
2018-08-29 15:29:00
CVE-2018-558213
2022-10-03 16:21:57