Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-3128

Опубликовано: 22 июн. 2023
Источник: debian
EPSS Низкий

Описание

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
grafanaremovedpackage

EPSS

Процентиль: 84%
0.02292
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-3128

CVSS3: 9.4
ubuntu
около 2 лет назад

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

redhat логотип

CVE-2023-3128

CVSS3: 9.8
redhat
около 2 лет назад

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

nvd логотип

CVE-2023-3128

CVSS3: 9.4
nvd
около 2 лет назад

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

rocky логотип

RLSA-2023:4030

rocky
около 2 лет назад

Critical: grafana security update

github логотип

GHSA-mpv3-g8m3-3fjc

CVSS3: 9.4
github
около 2 лет назад

Grafana vulnerable to Authentication Bypass by Spoofing

EPSS

Процентиль: 84%
0.02292
Низкий