11 matches found
SUSE CVE-2018-15727
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user...
CVE-2018-15727
creationtimestamp| type| source ---|---|--- 2020-04-20 13:31:01+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/grafanaauthbypass.py 2025-02-06 03:13:43+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:04+00:00| seen|...
Grafana 2.0 through 5.2.2 authentication bypass for LDAP and OAuth
This module generates a remember me cookie for a valid username. Through unpropper seeding while userdate are requested from LDAP or OAuth it's possible to craft a valid remember me cookie. This cookie can be used for bypass authentication for everyone knowing a valid username. !/usr/bin/env...
RHEL 7 : grafana (RHSA-2019:0019)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0019 advisory. The grafana package provides the Grafana metrics dashboard and graph editor. Security Fixes: grafana: authentication bypass knowing only a...
Moderate: Red Hat Security Advisory: grafana security and bug fix update
The updated grafana package is now available for Red Hat Ceph Storage 3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Moderate: Red Hat Security Advisory: RHGS WA security and bug fix update
Updated packages are now available for Red Hat Gluster Storage 3.4 Web Administration on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
RHEL 7 : RHGS WA (RHSA-2018:3829)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3829 advisory. Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Glust...
CVE-2018-15727
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. Mitigation As per upstream Switch to authentication mechanism other than LDAP or OAuth Grafana...
CVE-2018-15727
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user...
CVE-2018-15727
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user...
CVE-2018-15727
CVE-2018-15727 concerns Grafana authentication bypass via a crafted remember-me cookie when only a LDAP/OAuth username is known. Affected releases include Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3. Multiple connected advisories confirm fixes: Red Hat advisories (RHSA-2018:3829, ...