Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
No PoCs from references.
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/grimbelhax/CVE-2018-15727
- https://github.com/u238/grafana-CVE-2018-15727