Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.
References
Link | Resource |
---|---|
https://kb.juniper.net/JSA10872 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: juniper
Published: 2018-07-11T00:00:00
Updated: 2018-07-11T17:57:01
Reserved: 2017-11-16T00:00:00
Link: CVE-2018-0039
JSON object: View
NVD Information
Status : Modified
Published: 2018-07-11T18:29:00.823
Modified: 2019-10-09T23:31:03.673
Link: CVE-2018-0039
JSON object: View
Redhat Information
No data.