github.com/grafana/grafana is vulnerable to information disclosure. The vulnerability is due to the SendResetPasswordEmail
function in password.go
exposing if a user does not exist in the database by an error message.
github.com/grafana/grafana/commit/11ab2c8b1b9238c7ca3470a6e254b5a0e9745e6e
github.com/grafana/grafana/commit/64017e8ca6825b79a2acb887a1c1d9088e47ed72
github.com/grafana/grafana/issues/596
github.com/grafana/grafana/issues/639
github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5
security.netapp.com/advisory/ntap-20221215-0004/