Skip to content

x/vulndb: potential Go vuln in github.com/grafana/grafana/pkg/api: GHSA-rgjg-66cx-5x9m #707

New issue
New issue
Closed
Closed
x/vulndb: potential Go vuln in github.com/grafana/grafana/pkg/api: GHSA-rgjg-66cx-5x9m#707
Assignees
julieqiu
Labels
excluded: EFFECTIVELY_PRIVATEThis vulnerability exists in a package can be imported, but isn't meant to be outside that module.
@GoVulnBot

Description

@GoVulnBot
GoVulnBot
opened on Aug 1, 2022

In GitHub Security Advisory GHSA-rgjg-66cx-5x9m, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/grafana/grafana/pkg/api 5.2.3 >= 5.0.0, < 5.2.3

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/grafana/grafana/pkg/api
    versions:
      - introduced: 5.0.0
        fixed: 5.2.3
  - package: github.com/grafana/grafana/pkg/api
    versions:
      - fixed: 4.6.4
description: Grafana before 4.6.4 and 5.x before 5.2.3 allows authentication bypass
    because an attacker can generate a valid "remember me" cookie knowing only a username
    of an LDAP or OAuth user.
published: 2022-02-15T01:57:18Z
last_modified: 2022-04-12T22:18:16Z
cves:
  - CVE-2018-15727
ghsas:
  - GHSA-rgjg-66cx-5x9m
links:
    context:
      - https://github.com/advisories/GHSA-rgjg-66cx-5x9m

Metadata

Metadata

Assignees

Labels

excluded: EFFECTIVELY_PRIVATEThis vulnerability exists in a package can be imported, but isn't meant to be outside that module.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions