github.com/grafana/grafana is vulnerable to privilege escalation due to improper email validation in the response
parameter of org_invite.go
. Admins can create new users with a registration link sent via email, allowing an attacker to register a user on the site with a different email address used than the one used for sending the registration link.
github.com/grafana/grafana/commit/be4228db5a43f65a989239f891185d45912d39ad
github.com/grafana/grafana/commit/f8239a2157bf63a18c4429c25aa7b934b09c3be9
github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-rq84
grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306
security.netapp.com/advisory/ntap-20221215-0004/