CVE-2023-3128

Aliases:GHSA-mpv3-g8m3-3fjcBIT-grafana-2023-3128GHSA-gxh2-6vvc-rrgp

Advisory lineage Upstream: 0 Downstream: 14

Downstream

OPENSUSE-SU-2024:13018-1 RHSA-2023:4030 RHSA-2023:6420 RHSA-2023:6972 RHSA-2024:3925 SUSE-SU-2023:2915-1

Modified

Published: 22 Jun 2023, 20:14

Last modified:13 Feb 2025, 16:49

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.1 (nvd)

EPSS Score

1.88% LOW

2% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

22 Jun 2023, 20:14

Published

Vulnerability first disclosed

13 Feb 2025, 16:49

Last Modified

Vulnerability information updated

Description

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

CVSS Metrics

v3.1•CRITICAL•Score: 9.4CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 1.88%• Percentile: 83%

Techniques & Countermeasures

CWE-290•Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Affected Systems

github.com/grafana•grafana
≥ 9.4.0, < 9.4.13 | ≥ 9.3.0, < 9.3.16 | ≥ 9.0.0, < 9.2.20 | < 8.5.27
grafana•grafana
≥ 6.7.0, < 8.5.27 | ≥ 9.2.0, < 9.2.20 | ≥ 9.3.0, < 9.3.16 | ≥ 9.4.0, < 9.4.13 | ≥ 9.5.0, < 9.5.4
grafana•grafana enterprise
≥ 9.5.0, < 9.5.4 | ≥ 9.4.0, < 9.4.13 | ≥ 9.3.0, < 9.3.16 | ≥ 9.2.0, < 9.2.20 | ≥ 6.7.0, < 8.5.27