Description

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

Remediation

References

CVE-2023-3128

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-0448)

WordPress Plugin BookX Local File Inclusion (1.7)

b2evolution URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-22840)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2266)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7882)

Severity

Critical

Classification

CVE-2023-3128 CWE-290 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities