Main Vulnerability Database SB2018121805

SB2018121805 - Red Hat update for grafana

Published: December 18, 2018

Security Bulletin ID SB2018121805

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Authentication bypass (CVE-ID: CVE-2018-15727)

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to the web application generates predictable cookie value for the "remember me" cookie that is based on the username of an LDAP or OAuth user. A remote non-authenticated attacker can bypass authentication process and gain unrestricted access to the web application.

Successful exploitation of the vulnerability requires knowledge of the username.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2018:3829