CVSS 3.1 base score: 9.8 (High)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS score: 0.001 (Low)
EPSS percentile: 51.3%
Grafana is vulnerable to an authentication bypass that allows account takeover. The vulnerability is specific to Grafana deployments configured to use Azure AD OAuth for user authentication with a multi-tenant Azure application and without restrictions on which user groups can authenticate (via the 'allowed_groups' configuration). Grafana matches an authenticating Azure AD account to an existing Grafana user by the email address taken from the account's profile (the 'email' claim of the ID token). That value is not unique across Azure AD tenants: a user in any tenant can give an account they control an arbitrary email address. An attacker can therefore create an Azure AD account in their own tenant with the same email address as a legitimate Grafana user, sign in through the multi-tenant application, and be logged in as that user, with that user's Grafana roles and permissions. Deployments that restrict the Azure application to a single tenant, or that set 'allowed_groups' to the Azure AD groups permitted to sign in, are not exposed in this way, because the attacker's account belongs to a foreign tenant and to none of the permitted groups.
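To make the matching flaw concrete, the following Python is an added example (not Grafana's own code) that models the account lookup the description refers to: a lookup keyed on the email claim beside one that first enforces a tenant allowlist and 'allowed_groups', then keys the user on the (tenant ID, object ID) pair, which is unique across tenants. The ID-token claims are constructed, signature and issuer validation are assumed to have happened upstream, all tenant, group and object IDs are placeholders, and the 'allowed_organizations' setting name in the hardened config fragment is an assumption; 'allowed_groups' is the setting the advisory names.

```python
"""Why keying Azure AD logins on the email claim is unsafe with a multi-tenant app.

Added example, not Grafana code. Claims are constructed; signature, issuer and
audience checks are assumed to have passed before this logic runs.
"""
import configparser

# Placeholder identifiers (assumed values, not from any real tenant).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"      # tenant that runs Grafana
ATTACKER_TENANT = "22222222-2222-2222-2222-222222222222"  # tenant the attacker created
ADMINS_GROUP = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"     # Azure AD group object ID
ALICE_OID = "4e1c0000-0000-4000-8000-000000000001"
ATTACKER_OID = "9f0d0000-0000-4000-8000-000000000002"

# Azure AD v2.0 endpoint aliases that accept sign-ins from any tenant.
MULTI_TENANT_ALIASES = {"common", "organizations", "consumers"}

# Constructed grafana.ini fragments: the weak deployment and a hardened one.
# 'allowed_organizations' (a tenant-ID allowlist) is an assumed setting name.
WEAK_INI = """
[auth.azuread]
enabled = true
auth_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
allowed_groups =
"""

HARDENED_INI = f"""
[auth.azuread]
enabled = true
auth_url = https://login.microsoftonline.com/{HOME_TENANT}/oauth2/v2.0/authorize
allowed_groups = {ADMINS_GROUP}
allowed_organizations = {HOME_TENANT}
"""

# Constructed ID-token claims. 'tid' is the issuing tenant; 'oid' is the
# account's object ID, unique only within that tenant. The attacker owns
# ATTACKER_TENANT and can give any account there any email address.
LEGIT_CLAIMS = {"tid": HOME_TENANT, "oid": ALICE_OID,
                "email": "alice@example.com", "groups": [ADMINS_GROUP]}
ATTACKER_CLAIMS = {"tid": ATTACKER_TENANT, "oid": ATTACKER_OID,
                   "email": "alice@example.com", "groups": []}

# Existing Grafana users, indexed two ways.
USERS_BY_EMAIL = {"alice@example.com": "alice (Admin)"}
USERS_BY_SUBJECT = {(HOME_TENANT, ALICE_OID): "alice (Admin)"}


def vulnerable_login(claims):
    """Vulnerable lookup: the email claim alone selects the Grafana user."""
    return USERS_BY_EMAIL.get(claims["email"])


def load_policy(ini_text):
    """Extract tenant and group restrictions from an [auth.azuread] section."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    s = cp["auth.azuread"]
    split = lambda v: [x.strip() for x in v.split(",") if x.strip()]
    # The path segment after the host is the tenant ID or a multi-tenant alias.
    endpoint_tenant = s["auth_url"].split("login.microsoftonline.com/", 1)[1].split("/", 1)[0]
    return {
        "endpoint_tenant": endpoint_tenant,
        "allowed_groups": split(s.get("allowed_groups", "")),
        "allowed_organizations": split(s.get("allowed_organizations", "")),
    }


def audit_policy(policy):
    """Return the configuration conditions that make the email collision exploitable."""
    findings = []
    if policy["endpoint_tenant"] in MULTI_TENANT_ALIASES:
        findings.append("multi-tenant endpoint")
    if not policy["allowed_groups"]:
        findings.append("allowed_groups empty")
    if not policy["allowed_organizations"]:
        findings.append("allowed_organizations empty")
    return findings


def hardened_login(claims, policy):
    """Tenant allowlist, then group allowlist, then lookup by (tid, oid), never by email."""
    trusted = set(policy["allowed_organizations"])
    if policy["endpoint_tenant"] not in MULTI_TENANT_ALIASES:
        trusted.add(policy["endpoint_tenant"])
    if claims["tid"] not in trusted:
        return None  # issued by a foreign tenant, or no tenant is trusted at all (fail closed)
    if policy["allowed_groups"] and not set(claims.get("groups", [])) & set(policy["allowed_groups"]):
        return None  # not a member of any permitted group
    return USERS_BY_SUBJECT.get((claims["tid"], claims["oid"]))
```

With the weak policy the hardened lookup rejects everyone, including the legitimate user, because a multi-tenant endpoint with no tenant allowlist leaves nothing to trust; that fail-closed outcome is the signal to fix the configuration rather than fall back to email matching. Note that Azure AD only emits the 'groups' claim when the application's token configuration asks for it, so an empty claim must be treated as "no groups", not as "all groups".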