Lucene search

[email protected]CVE-2023-3128

HistoryJun 22, 2023 - 9:15 p.m.

CVE-2023-3128

2023-06-2221:15:09

CWE-290

[email protected]

web.nvd.nist.gov

grafana

cve-2023-3128

azure ad

account validation

account takeover

authentication bypass

nvd.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.3%

JSON

Grafana is validating Azure AD accounts based on the email claim.

On Azure AD, the profile email field is not unique and can be easily modified.

This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

Affected configurations

NVD

Node

grafanagrafanaRange6.7.0–8.5.27-

grafanagrafanaRange6.7.0–8.5.27enterprise

grafanagrafanaRange9.2.0–9.2.20-

grafanagrafanaRange9.2.0–9.2.20enterprise

grafanagrafanaRange9.3.0–9.3.16-

grafanagrafanaRange9.3.0–9.3.16enterprise

grafanagrafanaRange9.4.0–9.4.13-

grafanagrafanaRange9.4.0–9.4.13enterprise

grafanagrafanaRange9.5.0–9.5.4-

grafanagrafanaRange9.5.0–9.5.4enterprise

CPENameOperatorVersion
grafana:grafanagrafanalt8.5.27
grafana:grafanagrafanalt9.2.20
grafana:grafanagrafanalt9.3.16
grafana:grafanagrafanalt9.4.13
grafana:grafanagrafanalt9.5.4

CPE	Name	Operator	Version
grafana:grafana	grafana	lt	8.5.27
grafana:grafana	grafana	lt	9.2.20
grafana:grafana	grafana	lt	9.3.16
grafana:grafana	grafana	lt	9.4.13
grafana:grafana	grafana	lt	9.5.4

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Grafana",
    "vendor": "Grafana",
    "versions": [
      {
        "lessThan": "9.5.4",
        "status": "affected",
        "version": "9.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "9.4.13",
        "status": "affected",
        "version": "9.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "9.3.16",
        "status": "affected",
        "version": "9.3.0",
        "versionType": "semver"
      },
      {
        "lessThan": "9.2.20",
        "status": "affected",
        "version": "9.2.0",
        "versionType": "semver"
      },
      {
        "lessThan": "8.5.27",
        "status": "affected",
        "version": "6.7.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Grafana Enterprise",
    "vendor": "Grafana",
    "versions": [
      {
        "lessThan": "9.5.4",
        "status": "affected",
        "version": "9.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "9.4.13",
        "status": "affected",
        "version": "9.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "9.3.16",
        "status": "affected",
        "version": "9.3.0",
        "versionType": "semver"
      },
      {
        "lessThan": "9.2.20",
        "status": "affected",
        "version": "9.2.0",
        "versionType": "semver"
      },
      {
        "lessThan": "8.5.27",
        "status": "affected",
        "version": "6.7.0",
        "versionType": "semver"
      }
    ]
  }
]