Session Fixation

Our security team observed that this application was vulnerable to a session fixation issue.

The session cookie ‘grafana_sess’ is generated upon accessing the application login interface, is not re-generated after a successful authentication. On gaining admin level access exploiting this issue, an attacker with no access to the application whatsoever could perform actions such as adding a new user, modifying existing user details, deleting users and so on.

Can this vulnerability be addressed currently?