FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1f8d5806-ac51-11e8-9cb6-10c37b4ac2eagrafana -- LDAP and OAuth login vulnerability

Grafana Labs reports:

On the 20th of August at 1800 CEST we were contacted about a potential security issue with the “remember me” cookie Grafana sets upon login. The issue targeted users without a local Grafana password (LDAP & OAuth users) and enabled a potential attacker to generate a valid cookie knowing only a username.

All installations which use the Grafana LDAP or OAuth authentication features must be upgraded as soon as possible. If you cannot upgrade, you should switch authentication mechanisms or put additional protections in front of Grafana such as a reverse proxy.


Discovery 2018-08-20
Entry 2018-08-31
grafana5
>= 5.0.0 lt 5.2.3

grafana4
>= 4.0.0 lt 4.6.4

grafana3
>= 3.0.0

grafana2
>= 2.0.0

https://community.grafana.com/t/grafana-5-2-3-and-4-6-4-security-update/10050
CVE-2018-558213