suse · CVE-2018-15727

Quick triage

Priority: low Published: 2021-05-30 14:16:00 UTC Updated: 2026-04-17 15:19:08 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-15727 severity low: SUSE including 166 source package names (ardana-ansible-8.0+git.1566374355.c509923-3.67.3, ardana-glance-8.0+git.1566376789.be0fe01-3.17.3, …), 349 product×package rows across 9 product lines (HPE Helion OpenStack 8, SUSE Enterprise Storage 4, … (9 product lines)): Fixed 346, Known Not Affected 3.

Description:

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.

cvelogic Threat Intelligence