Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid remember me cookie knowing only a username of an LDAP or OAuth user.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Grafana | Grafana | 2.0.0 (including) | 2.1.2 (including) |
| Grafana | Grafana | 3.0.0 (including) | 3.1.1 (including) |
| Grafana | Grafana | 4.0.0 (including) | 4.6.4 (excluding) |
| Grafana | Grafana | 5.0.0 (including) | 5.2.3 (excluding) |
| Red Hat Ceph Storage 3.2 | RedHat | grafana-0:5.2.4-1.el7cp | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | grafana-0:4.6.4-1.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-ansible-0:1.6.3-10.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-api-0:1.6.3-8.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-gluster-integration-0:1.6.3-13.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-monitoring-integration-0:1.6.3-16.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-node-agent-0:1.6.3-11.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-ui-0:1.6.3-14.el7rhgs | * |
| Grafana | Ubuntu | esm-apps/xenial | * |
| Grafana | Ubuntu | upstream | * |
| Grafana | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://www.securityfocus.com/bid/105184
- https://access.redhat.com/errata/RHSA-2018:3829
- https://access.redhat.com/errata/RHSA-2019:0019
- https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/
- http://www.securityfocus.com/bid/105184
- https://access.redhat.com/errata/RHSA-2018:3829
- https://access.redhat.com/errata/RHSA-2019:0019
- https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/