Lucene search
K

11 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:24 a.m.3 views

SUSE CVE-2018-15727

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user...

8.2CVSS9.8AI score0.64284EPSS
Exploits0References6
Circl
Circl
added 2020/04/20 1:31 p.m.11 views

CVE-2018-15727

creationtimestamp| type| source ---|---|--- 2020-04-20 13:31:01+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/grafanaauthbypass.py 2025-02-06 03:13:43+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:04+00:00| seen|...

9.8CVSS6.8AI score0.64284EPSS
Exploits0References3
Metasploit
Metasploit
added 2019/07/31 4:59 p.m.76 views

Grafana 2.0 through 5.2.2 authentication bypass for LDAP and OAuth

This module generates a remember me cookie for a valid username. Through unpropper seeding while userdate are requested from LDAP or OAuth it's possible to craft a valid remember me cookie. This cookie can be used for bypass authentication for everyone knowing a valid username. !/usr/bin/env...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/01/07 12:0 a.m.34 views

RHEL 7 : grafana (RHSA-2019:0019)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0019 advisory. The grafana package provides the Grafana metrics dashboard and graph editor. Security Fixes: grafana: authentication bypass knowing only a...

9.8CVSS7.3AI score0.64284EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2019/01/03 5:45 p.m.159 views

Moderate: Red Hat Security Advisory: grafana security and bug fix update

The updated grafana package is now available for Red Hat Ceph Storage 3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS6.7AI score0.64284EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2018/12/17 6:41 p.m.85 views

Moderate: Red Hat Security Advisory: RHGS WA security and bug fix update

Updated packages are now available for Red Hat Gluster Storage 3.4 Web Administration on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

9.8CVSS6.8AI score0.64284EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2018/12/17 12:0 a.m.32 views

RHEL 7 : RHGS WA (RHSA-2018:3829)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3829 advisory. Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Glust...

9.8CVSS7.3AI score0.64284EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2018/08/30 10:18 p.m.26 views

CVE-2018-15727

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. Mitigation As per upstream Switch to authentication mechanism other than LDAP or OAuth Grafana...

9.8CVSS2.1AI score0.64284EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2018/08/29 3:29 p.m.28 views

CVE-2018-15727

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user...

9.8CVSS6.8AI score0.64284EPSS
Exploits0References2
OSV
OSV
added 2018/08/29 3:29 p.m.31 views

CVE-2018-15727

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user...

9.8CVSS7AI score
Exploits0References4
CVE
CVE
added 2018/08/29 3:0 p.m.128 views

CVE-2018-15727

CVE-2018-15727 concerns Grafana authentication bypass via a crafted remember-me cookie when only a LDAP/OAuth username is known. Affected releases include Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3. Multiple connected advisories confirm fixes: Red Hat advisories (RHSA-2018:3829, ...

9.8CVSS7.7AI score0.64284EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder