Source: grafana
Version: 2.6.0+dfsg-3
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for grafana.

CVE-2018-15727[0]:
| Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows
| authentication bypass because an attacker can generate a valid
| "remember me" cookie knowing only a username of an LDAP or OAuth user.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-15727
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15727
[1] https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/

Regards,
Salvatore