Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.

Related CVEs

CVE-2018-0039

Key Information

GHSA ID

GHSA-v468-p66w-62gm

Published

May 13, 2022 1:35 AM

Last Modified

May 13, 2022 1:35 AM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.