Описание
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE |
Показывать по
5.4 Medium
CVSS3
Связанные уязвимости
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.
A user changing their email after signing up and verifying it can chan ...
Email Validation Bypass And Preventing Sign Up From Email's Owner
Уязвимость базовой системы аутентификации веб-инструмента представления данных Grafana, позволяющая нарушителю обойти проверку электронной почты и помешать законным владельцам электронной почты зарегистрироваться
5.4 Medium
CVSS3