CVE-2023-3128
CRITICAL severity · CVSS 9.4 · CWE-290
Summary
Grafana validates Azure AD accounts based on the email claim. In Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
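The following is an added illustration, not Grafana's code, of the account-linking logic the summary describes: matching a local account on the mutable email claim versus matching on the tenant and object identifiers Azure AD issues in the ID token (`tid` and `oid`). The user store, the allowed-tenant list and the sample tokens are constructed for this example; it assumes token signatures have already been verified.

```python
# Constructed local user store: each record stores the tenant id and object id
# captured when the account was first provisioned, alongside the mutable email.
USERS = [
    {"login": "alice", "email": "alice@example.com", "tid": "tenant-A", "oid": "oid-alice"},
]

# Constructed allow-list: with a multi-tenant app, tokens from any Azure AD tenant
# are valid, so the application itself must decide which tenants are trusted.
ALLOWED_TENANTS = {"tenant-A"}


def lookup_by_email(claims):
    """Vulnerable pattern: any verified token whose email claim matches an
    existing user's email is treated as that user. Because the email field in
    another tenant's directory is freely editable, this links a foreign
    identity to the local account."""
    email = claims.get("email", "").lower()
    for user in USERS:
        if user["email"].lower() == email:
            return user
    return None


def lookup_by_oid(claims):
    """Hardened pattern: match on the immutable (tid, oid) pair, restricted to
    trusted tenants, and never fall back to the email claim."""
    tid, oid = claims.get("tid"), claims.get("oid")
    if not tid or not oid or tid not in ALLOWED_TENANTS:
        return None
    for user in USERS:
        if user["tid"] == tid and user["oid"] == oid:
            return user
    return None


# Constructed, already-decoded tokens: a legitimate login from the trusted tenant
# and a login from a different tenant whose profile email was set to alice's.
LEGIT = {"tid": "tenant-A", "oid": "oid-alice", "email": "alice@example.com"}
FOREIGN = {"tid": "tenant-B", "oid": "oid-other", "email": "alice@example.com"}

if __name__ == "__main__":
    print(lookup_by_email(FOREIGN)["login"])  # alice: the foreign token takes over the account
    print(lookup_by_oid(FOREIGN))             # None: rejected
    print(lookup_by_oid(LEGIT)["login"])      # alice
```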
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality impact: High
Integrity impact: High
Availability impact: Low
Exploit probability (EPSS): 2%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp (Advisory)
- https://grafana.com/security/security-advisories/cve-2023-3128/ (Advisory)
- https://security.netapp.com/advisory/ntap-20230714-0004/ (Advisory)