Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-3128

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

Published

2023-06-22T21:15:09.573

Last Modified

2025-02-13T17:16:55.490

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.4 (CRITICAL)

Weaknesses

Type: Secondary
CWE-290
Type: Primary
CWE-290

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	grafana	grafana	< 8.5.27	Yes
Application	grafana	grafana	< 8.5.27	Yes
Application	grafana	grafana	< 9.2.20	Yes
Application	grafana	grafana	< 9.2.20	Yes
Application	grafana	grafana	< 9.3.16	Yes
Application	grafana	grafana	< 9.3.16	Yes
Application	grafana	grafana	< 9.4.13	Yes
Application	grafana	grafana	< 9.4.13	Yes
Application	grafana	grafana	< 9.5.4	Yes
Application	grafana	grafana	< 9.5.4	Yes

References

https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp Vendor Advisory ([email protected])
https://grafana.com/security/security-advisories/cve-2023-3128/ Vendor Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20230714-0004/ Third Party Advisory ([email protected])
https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://grafana.com/security/security-advisories/cve-2023-3128/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230714-0004/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)