CVE-2018-15727 — Vulnetix

CVE-2018-15727 PUBLISHED

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.

EPSS 79.55% · 99.1th percentile

Risk Scores

EPSS Score

79.55%

99.1th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	grafana	0, *

Exploit Intelligence

a small utility to generate a cookie in order to exploit a grafana vulnerability (CVE-2018-15727) (github-poc)
a small utility to generate a cookie in order to exploit a grafana vulnerability (CVE-2018-15727) (github-poc)
a small utility to generate a cookie in order to exploit a grafana vulnerability (CVE-2018-15727) (github-poc)
a small utility to generate a cookie in order to exploit a grafana vulnerability (CVE-2018-15727) (github-poc)
a small utility to generate a cookie in order to exploit a grafana vulnerability (CVE-2018-15727) (github-poc)
a small utility to generate a cookie in order to exploit a grafana vulnerability (CVE-2018-15727) (github-poc)
a small utility to generate a cookie in order to exploit a grafana vulnerability (CVE-2018-15727) (github-poc)
a small utility to generate a cookie in order to exploit a grafana vulnerability (CVE-2018-15727) (github-poc)
CIRCL seen: CVE-2018-15727 (circl-sighting)
CIRCL seen: CVE-2018-15727 (circl-sighting)

…and 5 more exploits

Timeline

Aug 29, 2018 CVE Published
Apr 20, 2020 PoC Published
Apr 14, 2021 EPSS Score
Mar 7, 2023 EPSS Score
Mar 12, 2023 EPSS Score
Jan 20, 2024 EPSS Score
Nov 21, 2024 CVE Updated
Dec 17, 2024 EPSS Score
Jan 13, 2025 EPSS Score
Feb 6, 2025 PoC Published
Feb 23, 2025 PoC Published
Mar 19, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2018-15727 third-party-advisory
https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/ third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2018-15727 third-party-advisory

Open in Interactive Console →