github.com/grafana/grafana is vulnerable to authentication bypass. An attacker is able to generate a valid remember me
cookie via the Login function with only the username of a user without a local Grafana password (LDAP & OAuth users) and gain access to the application.
access.redhat.com/errata/RHSA-2019:0019
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1633825
bugzilla.redhat.com/show_bug.cgi?id=1647494
bugzilla.redhat.com/show_bug.cgi?id=1647496
bugzilla.redhat.com/show_bug.cgi?id=1652427
bugzilla.redhat.com/show_bug.cgi?id=1653273