Lucene search
Redhat.comRH:CVE-2018-15727HistoryAug 30, 2018 - 10:18 p.m.
CVE-2018-15727
2018-08-3022:18:55
redhat.com
access.redhat.com
8
0.014 Low
EPSS
Percentile
86.6%
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid “remember me” cookie knowing only a username of an LDAP or OAuth user.
Mitigation
As per upstream (<https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix>)
- Switch to authentication mechanism other than LDAP or OAuth
- Grafana should be isolated from public networks
Related
prion
prion
Authentication flaw
2018-08-29 15:29:00
nvd
nvd
CVE-2018-15727
2018-08-29 15:29:00
CVE-2018-558213
2018-08-29 15:29:00
veracode
veracode
Authentication Bypass
2019-01-15 09:27:17
Authentication Bypass
2018-08-30 05:17:12
openvas
openvas
Grafana Authentication Bypass Vulnerability
2018-08-31 00:00:00
osv
osv
CVE-2018-15727
2018-08-29 15:29:00
Grafana Authentication Bypass
2022-02-15 01:57:18
redhat
redhat
(RHSA-2018:3829) Moderate: RHGS WA security and bug fix update
2018-12-17 04:49:19
(RHSA-2019:0019) Moderate: grafana security and bug fix update
2019-01-03 17:35:51
github
github
Grafana Authentication Bypass
2022-02-15 01:57:18
cvelist
cvelist
CVE-2018-15727
2018-08-29 15:00:00
nessus
nessus
RHEL 7 : RHGS WA (RHSA-2018:3829)
2018-12-17 00:00:00
RHEL 7 : grafana (RHSA-2019:0019)
2019-01-07 00:00:00
cve
cve
CVE-2018-15727
2018-08-29 15:29:00
CVE-2018-558213
2022-10-03 16:21:57
ubuntucve
ubuntucve
CVE-2018-15727
2018-08-29 00:00:00