Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-3128

Опубликовано: 22 июн. 2023
Источник: debian

Описание

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
grafanaremovedpackage

Связанные уязвимости

ubuntu логотип

CVE-2023-3128

CVSS3: 9.4
ubuntu
больше 2 лет назад

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

redhat логотип

CVE-2023-3128

CVSS3: 9.8
redhat
больше 2 лет назад

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

nvd логотип

CVE-2023-3128

CVSS3: 9.4
nvd
больше 2 лет назад

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

rocky логотип

RLSA-2023:4030

rocky
больше 2 лет назад

Critical: grafana security update

github логотип

GHSA-mpv3-g8m3-3fjc

CVSS3: 9.4
github
больше 2 лет назад

Grafana vulnerable to Authentication Bypass by Spoofing