CVE-2018-15727
EUVD-2022-117129.08.2018, 15:29
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| grafana | grafana | 2.0.0 ≤ 𝑥 ≤ 2.1.2 |
| grafana | grafana | 3.0.0 ≤ 𝑥 ≤ 3.1.1 |
| grafana | grafana | 4.0.0 ≤ 𝑥 < 4.6.4 |
| grafana | grafana | 5.0.0 ≤ 𝑥 < 5.2.3 |
| redhat | ceph_storage | 3.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
References