Description

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

Remediation

References

CVE-2023-3128

Related Vulnerabilities

osCommerce Incorrect Comparison Vulnerability (CVE-2020-23360)

WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1)

MySQL Other Vulnerability (CVE-2004-0457)

WordPress 3.3 Cross-Site Scripting Vulnerability (3.3)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6477)

Severity

Critical

Classification

CVE-2023-3128 CWE-290 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities