What is CVE-2018-15727?

CVE-2018-15727 is a vulnerability in N/a. Published 2018-08-29.

Is CVE-2018-15727 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-15727

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.

EPSS: 0.796 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

u238/grafana-CVE-2018-15727
rapid7/metasploit-framework
0xT11/CVE-POC
ARPSyndicate/cvemon
grimbelhax/CVE-2018-15727

References

105184 (vdb-entry, x_refsource_BID)
RHSA-2019:0019 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:3829 (x_refsource_REDHAT, vendor-advisory)
grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-sec… (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-15727?: CVE-2018-15727 is a vulnerability in N/a. Published 2018-08-29.
Is CVE-2018-15727 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.