Possible wrong detection of CVE-2018-15727

Checks if a vulnerable version of grafana is present on the target host, seems to be a false positive.
Details:
Grafana Authentication Bypass Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.113260)
Version used: $Revision: 12889 $

the version of grafana installed is higher than the version given as a fix in the result

Hi there and welcome aboard,

could you be a little more specific and paste the output of the detection and the vulnerable version check? Thanks in advance!

Cheers

1 Like

Grafana Authentication Bypass Vulnerability, affected versions Grafana 2.0.0 through 4.6.3 and 5.0.0 through 5.2.2.

Checks if a vulnerable version is present on the target host.
Details:
Grafana Authentication Bypass Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.113260)
Version used: $Revision: 12889 $

Output of the detection:
Installed version: 2.6.0
Fixed version: 4.6.4

The actual version i have deployed is V6.2.5

Thanks.

Thanks for the details, I’ve sent you a PM to discuss how we can fix this.

Cheers

1 Like

Just want to note that the Detection of Grafana was updated in the meantime.

It seems the initial problem was originating from a change in newer Grafana releases where the source code (including the version) was changed causing an outdated version to be extracted. The correct version is extracted again for newer Grafana releases after this update.

3 Likes