Description
A user who changes their email address after signing up and verifying it can do so without verification in profile settings.
The configuration option "verify_email_enabled" only validates the email address at sign-up.
An authentication bypass vulnerability was found in the verify_email_enabled feature of Grafana. Even when enabled, this configuration option does not fully enforce email verification. This issue could allow a remote attacker that has authenticated with basic credentials to change the email address to use an unverified address. Successful exploitation could allow evasion of an organization's email domain filtering rules. An example of this is permitting a user in blocklisted countries or service providers to utilize a service.
Statement
Use of Grafana basic authentication and the verify_email_enabled feature are preconditions for this vulnerability to affect your system.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected Packages
Platform | Package | State | Advisory | Release
---|---|---|---|---
OpenShift Service Mesh 2.1 | servicemesh-grafana | Out of support scope | |
Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel8 | Not affected | |
Red Hat Ceph Storage 3 | grafana | Out of support scope | |
Red Hat Ceph Storage 4 | rhceph/rhceph-4-dashboard-rhel8 | Out of support scope | |
Red Hat Ceph Storage 5 | rhceph/rhceph-5-dashboard-rhel8 | Affected | |
Red Hat Ceph Storage 6 | rhceph/rhceph-6-dashboard-rhel9 | Affected | |
Red Hat Ceph Storage 7 | rhceph/grafana-rhel9 | Affected | |
Red Hat Enterprise Linux 8 | grafana | Will not fix | |
Red Hat Enterprise Linux 9 | grafana | Will not fix | |
Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Not affected | |
References
Additional information
Status:
EPSS
CVSS3: 5.4 Medium
Related vulnerabilities
A user who changes their email address after signing up and verifying it can do so without verification in profile settings. The configuration option "verify_email_enabled" only validates the email address at sign-up.
A user changing their email after signing up and verifying it can chan ...
Email Validation Bypass And Preventing Sign Up From Email's Owner
A vulnerability in the basic authentication system of the Grafana data visualization web tool that allows an attacker to bypass email verification and prevent legitimate email owners from signing up
EPSS
CVSS3: 5.4 Medium