CyberSec.Space Logo
Back to CVE Browser

CVE-2018-15727

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1160%
EPSS Percentile23.43th
PublishedAug 29, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.

Affected Platforms (CPE)

πŸ“¦
Grafana

Grafana

>= 2.0.0 and <= 2.1.2
πŸ“¦
Grafana

Grafana

>= 3.0.0 and <= 3.1.1
πŸ“¦
Grafana

Grafana

>= 4.0.0 and < 4.6.4
πŸ“¦
Grafana

Grafana

>= 5.0.0 and < 5.2.3
πŸ“¦
Redhat

Ceph Storage

= 3.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/105184
πŸ”— https://access.redhat.com/errata/RHSA-2018:3829
πŸ”— https://access.redhat.com/errata/RHSA-2019:0019
πŸ”— https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/
πŸ”— http://www.securityfocus.com/bid/105184
πŸ”— https://access.redhat.com/errata/RHSA-2018:3829
πŸ”— https://access.redhat.com/errata/RHSA-2019:0019
πŸ”— https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/

Related Vulnerabilities

CVE-2021-392269.8

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to vi...

CVE-2021-412449.1

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control bet...

CVE-2021-274379.1

The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-cod...

CVE-2020-133798.2

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauth...