grafana is vulnerable to Authentication Bypass. The vulnerability exists due to the GetUserByLogin
function in user.go
conflict in the login field; An attacker can register into the system from another user’s email address as a username blocking a user’s login attempt.
github.com/grafana/grafana/commit/1d58ef43fbd5fd0cea0e67229f7daeb698f0a64b
github.com/grafana/grafana/commit/5644758f0c5ae9955a4e5480d71f9bef57fdce35
github.com/grafana/grafana/commit/85f581105a677d9c243d7e337b8b4a4e28cabc1c
github.com/grafana/grafana/commit/f5da38804163a17b893dc4343f8e5cc9d4f92a4d
github.com/grafana/grafana/pull/511
github.com/grafana/grafana/releases/tag/v9.1.8
github.com/grafana/grafana/security/advisories/GHSA-gj7m-853r-289r