2 matches found
CVE-2018-9090
CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials admin/admin for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured b...
CVE-2018-9090
CVE-2018-9090 affects CoreOS Tectonic 1.7.x and 1.8.x prior to 1.8.7-tectonic.2, where Grafana runs with administrator credentials (admin/admin) stored in the grafana-credentials secret because passwords are not randomized for administrator configuration. This enables an attacker to inject an XSS...