Lucene search
Veracode Vulnerability DatabaseVERACODE:13218HistoryJan 15, 2019 - 9:27 a.m.
Authentication Bypass
2019-01-1509:27:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.014 Low
EPSS
Percentile
86.6%
github.com/grafana/grafana is vulnerable to authentication bypass. An attacker is able to generate a valid remember me cookie via the Login function with only the username of a user without a local Grafana password (LDAP & OAuth users) and gain access to the application.
References
access.redhat.com/errata/RHSA-2019:0019
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1633825
bugzilla.redhat.com/show_bug.cgi?id=1647494
bugzilla.redhat.com/show_bug.cgi?id=1647496
bugzilla.redhat.com/show_bug.cgi?id=1652427
bugzilla.redhat.com/show_bug.cgi?id=1653273
Related
prion
prion
Authentication flaw
2018-08-29 15:29:00
nvd
nvd
CVE-2018-15727
2018-08-29 15:29:00
CVE-2018-558213
2018-08-29 15:29:00
openvas
openvas
Grafana Authentication Bypass Vulnerability
2018-08-31 00:00:00
osv
osv
CVE-2018-15727
2018-08-29 15:29:00
Grafana Authentication Bypass
2022-02-15 01:57:18
redhat
redhat
(RHSA-2018:3829) Moderate: RHGS WA security and bug fix update
2018-12-17 04:49:19
(RHSA-2019:0019) Moderate: grafana security and bug fix update
2019-01-03 17:35:51
github
github
Grafana Authentication Bypass
2022-02-15 01:57:18
redhatcve
redhatcve
CVE-2018-15727
2018-08-30 22:18:55
cvelist
cvelist
CVE-2018-15727
2018-08-29 15:00:00
nessus
nessus
RHEL 7 : RHGS WA (RHSA-2018:3829)
2018-12-17 00:00:00
RHEL 7 : grafana (RHSA-2019:0019)
2019-01-07 00:00:00
veracode
veracode
Authentication Bypass
2018-08-30 05:17:12
ubuntucve
ubuntucve
CVE-2018-15727
2018-08-29 00:00:00
cve
cve
CVE-2018-15727
2018-08-29 15:29:00
CVE-2018-558213
2022-10-03 16:21:57