A user changing their email after signing up and verifying it can change it without verification in profile settings.
The configuration option "verify_email_enabled" will only validate email only on sign up.
References
Link | Resource |
---|---|
https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f | Exploit Vendor Advisory |
https://grafana.com/security/security-advisories/cve-2023-6152/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Oct 2024, 18:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f - Exploit, Vendor Advisory | |
References | () https://grafana.com/security/security-advisories/cve-2023-6152/ - Vendor Advisory | |
First Time |
Grafana
Grafana grafana |
|
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* cpe:2.3:a:grafana:grafana:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:grafana:grafana:10.1.0:*:*:*:*:*:*:* cpe:2.3:a:grafana:grafana:10.2.0:*:*:*:*:*:*:* cpe:2.3:a:grafana:grafana:10.3.0:*:*:*:*:*:*:* |
13 Feb 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-13 22:15
Updated : 2024-10-21 18:35
NVD link : CVE-2023-6152
Mitre link : CVE-2023-6152
CVE.ORG link : CVE-2023-6152
JSON object : View
Products Affected
grafana
- grafana
CWE
CWE-863
Incorrect Authorization