VYPR
Critical severity9.8NVD Advisory· Published Aug 29, 2018· Updated Jun 17, 2026

CVE-2018-15727

CVE-2018-15727

Description

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/grafana/grafanaGo
< 4.6.44.6.4
github.com/grafana/grafanaGo
>= 5.0.0, < 5.2.35.2.3

Affected products

173

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.