Medium severity6.1NVD Advisory· Published Sep 24, 2019· Updated Jun 17, 2026
CVE-2018-9090
CVE-2018-9090
Description
CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured by Tectonic administrators. An attacker can insert an XSS payload into the dashboards.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- CoreOS/Tectonicdescription
Patches
Vulnerability mechanics
References
2- coreos.com/tectonic/releases/nvdRelease NotesVendor Advisory
- coreos.com/tectonic/releases/nvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.