Описание
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| grafana | removed | package |
EPSS
Связанные уязвимости
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.
Email Validation Bypass And Preventing Sign Up From Email's Owner
Уязвимость базовой системы аутентификации веб-инструмента представления данных Grafana, позволяющая нарушителю обойти проверку электронной почты и помешать законным владельцам электронной почты зарегистрироваться
EPSS