CVE-2018-15727 : Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authenticatio

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.

Published 2018-08-29 15:29:00

Updated 2019-03-05 17:26:50

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2018-15727

Redhat » Ceph Storage » Version: 3.0
cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
Matching versions
Grafana » Grafana
Versions from including (>=) 4.0.0 and before (<) 4.6.4
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Matching versions
Grafana » Grafana
Versions from including (>=) 3.0.0 and up to, including, (<=) 3.1.1
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Matching versions
Grafana » Grafana
Versions from including (>=) 5.0.0 and before (<) 5.2.3
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Matching versions
Grafana » Grafana
Versions from including (>=) 2.0.0 and up to, including, (<=) 2.1.2
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-15727

EPSS FAQ

77.45%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2018-15727

Grafana 2.0 through 5.2.2 authentication bypass for LDAP and OAuth

Disclosure Date: 2019-08-14

First seen: 2020-04-26

auxiliary/admin/http/grafana_auth_bypass

This module generates a remember me cookie for a valid username. Through unpropper seeding while userdate are requested from LDAP or OAuth it's possible to craft a valid remember me cookie. This cookie can be used for bypass authentication for everyone knowing a valid user

More information

CVSS scores for CVE-2018-15727

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-15727

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-15727

https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/

Grafana 5.2.3 and 4.6.4 released with important security fix | Grafana Labs
Patch;Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3829

RHSA-2018:3829 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://www.securityfocus.com/bid/105184

Grafana CVE-2018-15727 Authentication Bypass Vulnerability
Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2019:0019

RHSA-2019:0019 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

Jump to