Main Vulnerability Database Exploits ID:2150 - Exploit for Authentication bypass in Grafana - CVE-2018-15727

ID:2150 - Exploit for Authentication bypass in Grafana - CVE-2018-15727

Published: March 18, 2020

Vulnerability identifier: #VU14575

Vulnerability risk: High

CVE-ID: CVE-2018-15727

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
Grafana

Link to public exploit:

https://github.com/u238/grafana-CVE-2018-15727

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to the web application generates predictable cookie value for the "remember me" cookie that is based on the username of an LDAP or OAuth user. A remote non-authenticated attacker can bypass authentication process and gain unrestricted access to the web application.

Successful exploitation of the vulnerability requires knowledge of the username.

Remediation

Update to version 4.6.4 or 5.2.3.

ID:2150 - Exploit for Authentication bypass in Grafana - CVE-2018-15727

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human