CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-15727

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1160%
EPSS Percentile23.43th
Published2018年8月29日
Last Modified2024年11月21日

Vulnerability Description

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.

Affected Platforms (CPE)

📦
Grafana

Grafana

>= 2.0.0 and <= 2.1.2
📦
Grafana

Grafana

>= 3.0.0 and <= 3.1.1
📦
Grafana

Grafana

>= 4.0.0 and < 4.6.4
📦
Grafana

Grafana

>= 5.0.0 and < 5.2.3
📦
Redhat

Ceph Storage

= 3.0

References & Advisories

🔗 http://www.securityfocus.com/bid/105184
🔗 https://access.redhat.com/errata/RHSA-2018:3829
🔗 https://access.redhat.com/errata/RHSA-2019:0019
🔗 https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/
🔗 http://www.securityfocus.com/bid/105184
🔗 https://access.redhat.com/errata/RHSA-2018:3829
🔗 https://access.redhat.com/errata/RHSA-2019:0019
🔗 https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/

関連する脆弱性情報

CVE-2021-392269.8

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to vi...

CVE-2021-412449.1

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control bet...

CVE-2021-274379.1

The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-cod...

CVE-2020-133798.2

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauth...