Description

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

Remediation

References

CVE-2023-3128

Related Vulnerabilities

WordPress Plugin WP Super Cache Cross-Site Scripting (1.4)

MySQL CVE-2019-2566 Vulnerability (CVE-2019-2566)

WordPress Plugin HTML5 Maps Cross-Site Request Forgery (1.6.5.6)

Python Integer Overflow or Wraparound Vulnerability (CVE-2018-20406)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-6897)

Severity

Critical

Classification

CVE-2023-3128 CWE-290 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities