
CVE-2023-3128

Published: 22/06/2023 Updated: 21/07/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Description

A flaw was found in Grafana, which validates Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants, which enables Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant Azure AD OAuth application. This may allow a malicious user to gain complete control of the victim's account, including access to private customer data and sensitive information.
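The account-matching step the description refers to, shown as an added illustration in Go (Grafana's implementation language). This is not Grafana's code: the claim struct, the user table, the tenant and object IDs and the function names are all constructed for the example. It assumes the ID token has already been verified (signature, audience, expiry) and only models what happens next: the vulnerable variant keys accounts on the email claim alone, so a token from any tenant whose account carries the same email maps to the existing user; the hardened variant refuses tenants outside an operator allowlist and matches on the (tid, oid) pair, which an attacker in another tenant cannot reproduce.

```go
package main

import (
	"errors"
	"fmt"
)

// AzureClaims is the subset of an Azure AD ID token that matters here. The
// token is assumed to have been verified already; this example only covers
// the account-matching step. (Example types, not Grafana's.)
type AzureClaims struct {
	Email string // "email": chosen by the account owner, NOT unique across tenants
	TID   string // "tid": the Azure AD tenant that issued the token
	OID   string // "oid": the user's object ID, stable within that tenant
}

// User is a local account row. Field names are assumptions for the example.
type User struct {
	ID       int
	Email    string
	TenantID string
	ObjectID string
}

// lookupByEmailOnly models the vulnerable behaviour described in the CVE:
// any verified token whose email claim equals an existing user's email is
// treated as that user, regardless of which tenant issued it.
func lookupByEmailOnly(users []User, c AzureClaims) *User {
	for i := range users {
		if users[i].Email == c.Email {
			return &users[i]
		}
	}
	return nil // no match: the caller would provision a new account
}

// lookupByTenantAndOID is the hardened variant. It refuses tokens from tenants
// not on the operator's allowlist (the effect of restricting a multi-tenant
// app) and matches existing users on the (tid, oid) pair rather than on email.
func lookupByTenantAndOID(users []User, allowedTenants map[string]bool, c AzureClaims) (*User, error) {
	if len(allowedTenants) == 0 {
		return nil, errors.New("refusing login: no tenant allowlist configured for a multi-tenant app")
	}
	if !allowedTenants[c.TID] {
		return nil, fmt.Errorf("refusing login: tenant %q is not allowed", c.TID)
	}
	if c.OID == "" {
		return nil, errors.New("refusing login: token has no oid claim")
	}
	for i := range users {
		if users[i].TenantID == c.TID && users[i].ObjectID == c.OID {
			return &users[i], nil
		}
	}
	return nil, nil // allowed tenant, unknown identity: provision a fresh account
}

// Constructed sample data (not real tenants, users or tokens).
var (
	victimTenant   = "11111111-1111-1111-1111-111111111111"
	attackerTenant = "22222222-2222-2222-2222-222222222222"

	existingUsers = []User{
		{ID: 1, Email: "admin@example.com", TenantID: victimTenant, ObjectID: "victim-oid"},
	}

	// Token minted by the attacker's own tenant; the email claim is whatever
	// the attacker set on their account there.
	attackerToken = AzureClaims{Email: "admin@example.com", TID: attackerTenant, OID: "attacker-oid"}
)

func main() {
	if u := lookupByEmailOnly(existingUsers, attackerToken); u != nil {
		fmt.Printf("vulnerable: attacker token mapped to user %d (%s)\n", u.ID, u.Email)
	}
	allowed := map[string]bool{victimTenant: true}
	if _, err := lookupByTenantAndOID(existingUsers, allowed, attackerToken); err != nil {
		fmt.Println("hardened:", err)
	}
}
```

The allowlist plays the role of the `allowed_organizations` tenant restriction in Grafana's `[auth.azuread]` configuration; the broader point for any OIDC integration is that the email claim is an attribute, not an identity, and account linkage should key on issuer-scoped subject identifiers (`tid` plus `oid`, or `sub` together with `iss`).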


Vulnerable Products

grafana / grafana (vendor / product)

Vendor Advisories

Synopsis: Moderate: grafana security and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for grafana is now available for Red Ha ...
Synopsis: Moderate: Red Hat build of Cryostat 2.4.0: new RHEL 8 container images. Type/Severity: Security Advisory: Moderate. Topic: New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available. Description: New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images have been released, adding a variety of features and bug f ...
Synopsis: Critical: grafana security update. Type/Severity: Security Advisory: Critical. Topic: An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a se ...
Description: A flaw was found in Grafana, which validates Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants, which enables Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant Azure AD OAuth application. This may all ...
Hitachi Infrastructure Analytics Advisor contains the following vulnerabilities: CVE-2019-10172, CVE-2019-10202, CVE-2021-37533 Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2019-10172, CVE-2019-10202, CVE-2021-37533, CVE-2022-1471, CVE-2023-1370, CVE-2023-26048, CVE-2023-26049 Hitachi Ops Center Analyzer viewpoi ...