CVE-2023-6152 - OpenCVE

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Grafana	Grafana

Configuration 1 [-]

OR	cpe:2.3:a:grafana:grafana::::::::
	cpe:2.3:a:grafana:grafana:10.0.0:::::::*
	cpe:2.3:a:grafana:grafana:10.1.0:::::::*
	cpe:2.3:a:grafana:grafana:10.2.0:::::::*
	cpe:2.3:a:grafana:grafana:10.3.0:::::::*

No data.

References

Link	Providers
https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f
https://go.grafana.com/MzU2LVlGRy0zODkAAAGQ-uA6C7nzuSa-sr-ExDECDtkQsqBtkIPyWCp7OfehAPZ64TOkmW-HiQcbNpcFuB_YOIOgltA=
https://grafana.com/blog/2024/02/14/grafana-security-release-medium-severity-security-fix-for-cve-2023-6152/
https://grafana.com/security/security-advisories/cve-2023-6152/
https://nvd.nist.gov/vuln/detail/CVE-2023-6152
https://www.cve.org/CVERecord?id=CVE-2023-6152

History

Mon, 21 Oct 2024 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Grafana Grafana grafana
CPEs		cpe:2.3:a:grafana:grafana:::::::: cpe:2.3:a:grafana:grafana:10.0.0:::::::* cpe:2.3:a:grafana:grafana:10.1.0:::::::* cpe:2.3:a:grafana:grafana:10.2.0:::::::* cpe:2.3:a:grafana:grafana:10.3.0:::::::*
Vendors & Products		Grafana Grafana grafana

MITRE

Status: PUBLISHED

Assigner: GRAFANA

Published: 2024-02-13T21:38:01.404Z

Updated: 2024-08-22T15:51:56.870Z

Reserved: 2023-11-15T12:44:28.824Z

Link: CVE-2023-6152

Vulnrichment

Updated: 2024-08-02T08:21:17.614Z

NVD

Status : Analyzed

Published: 2024-02-13T22:15:45.430

Modified: 2024-10-21T18:35:59.507

Link: CVE-2023-6152

Redhat

Severity : Moderate

Publid Date: 2024-02-14T00:00:00Z

Links: CVE-2023-6152 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6152", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "state": "PUBLISHED", "assignerShortName": "GRAFANA", "dateReserved": "2023-11-15T12:44:28.824Z", "datePublished": "2024-02-13T21:38:01.404Z", "dateUpdated": "2024-08-22T15:51:56.870Z"}, "containers": {"cna": {"affected": [{"product": "Grafana", "vendor": "Grafana", "versions": [{"lessThan": "9.5.16", "status": "affected", "version": "2.5.0", "versionType": "semver"}, {"lessThan": "10.0.11", "status": "affected", "version": "10.0.0", "versionType": "semver"}, {"lessThan": "10.1.7", "status": "affected", "version": "10.1.0", "versionType": "semver"}, {"lessThan": "10.2.4", "status": "affected", "version": "10.2.0", "versionType": "semver"}, {"lessThan": "10.3.3", "status": "affected", "version": "10.3.0", "versionType": "semver"}]}, {"product": "Grafana Enterprise", "vendor": "Grafana", "versions": [{"lessThan": "9.5.16", "status": "affected", "version": "2.5.0", "versionType": "semver"}, {"lessThan": "10.0.11", "status": "affected", "version": "10.0.0", "versionType": "semver"}, {"lessThan": "10.1.7", "status": "affected", "version": "10.1.0", "versionType": "semver"}, {"lessThan": "10.2.4", "status": "affected", "version": "10.2.0", "versionType": "semver"}, {"lessThan": "10.3.3", "status": "affected", "version": "10.3.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A user changing their email after signing up and verifying it can change it without verification in profile settings.</p><p>The configuration option \"verify_email_enabled\" will only validate email only on sign up.</p>"}], "value": "A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\n\n"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2024-02-13T21:38:01.404Z"}, "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-6152/"}, {"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.614Z"}, "title": "CVE Program Container", "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-6152/", "tags": ["x_transferred"]}, {"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "grafana", "product": "grafana", "cpes": ["cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.5.0", "status": "affected", "lessThan": "9.5.16", "versionType": "custom"}, {"version": "10.0.0", "status": "affected", "lessThan": "10.0.11", "versionType": "custom"}, {"version": "10.10", "status": "affected", "lessThan": "10.1.7", "versionType": "custom"}, {"version": "10.2.0", "status": "affected", "lessThan": "10.2.4", "versionType": "custom"}, {"version": "10.3.0", "status": "affected", "lessThan": "10.3.3", "versionType": "custom"}]}, {"vendor": "grafana", "product": "grafana_enterprise", "cpes": ["cpe:2.3:a:grafana:grafana_enterprise:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.5.0", "status": "affected", "lessThan": "9.5.16", "versionType": "custom"}, {"version": "10.0.0", "status": "affected", "lessThan": "10.0.11", "versionType": "custom"}, {"version": "10.10", "status": "affected", "lessThan": "10.1.7", "versionType": "custom"}, {"version": "10.2.0", "status": "affected", "lessThan": "10.2.4", "versionType": "custom"}, {"version": "10.3.0", "status": "affected", "lessThan": "10.3.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-22T15:42:45.786092Z", "id": "CVE-2023-6152", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T15:51:56.870Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-6152/", "tags": ["x_transferred"]}, {"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.614Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6152", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-22T15:42:45.786092Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*"], "vendor": "grafana", "product": "grafana", "versions": [{"status": "affected", "version": "2.5.0", "lessThan": "9.5.16", "versionType": "custom"}, {"status": "affected", "version": "10.0.0", "lessThan": "10.0.11", "versionType": "custom"}, {"status": "affected", "version": "10.10", "lessThan": "10.1.7", "versionType": "custom"}, {"status": "affected", "version": "10.2.0", "lessThan": "10.2.4", "versionType": "custom"}, {"status": "affected", "version": "10.3.0", "lessThan": "10.3.3", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:grafana:grafana_enterprise:*:*:*:*:*:*:*:*"], "vendor": "grafana", "product": "grafana_enterprise", "versions": [{"status": "affected", "version": "2.5.0", "lessThan": "9.5.16", "versionType": "custom"}, {"status": "affected", "version": "10.0.0", "lessThan": "10.0.11", "versionType": "custom"}, {"status": "affected", "version": "10.10", "lessThan": "10.1.7", "versionType": "custom"}, {"status": "affected", "version": "10.2.0", "lessThan": "10.2.4", "versionType": "custom"}, {"status": "affected", "version": "10.3.0", "lessThan": "10.3.3", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T15:47:58.337Z"}}], "cna": {"impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Grafana", "product": "Grafana", "versions": [{"status": "affected", "version": "2.5.0", "lessThan": "9.5.16", "versionType": "semver"}, {"status": "affected", "version": "10.0.0", "lessThan": "10.0.11", "versionType": "semver"}, {"status": "affected", "version": "10.1.0", "lessThan": "10.1.7", "versionType": "semver"}, {"status": "affected", "version": "10.2.0", "lessThan": "10.2.4", "versionType": "semver"}, {"status": "affected", "version": "10.3.0", "lessThan": "10.3.3", "versionType": "semver"}]}, {"vendor": "Grafana", "product": "Grafana Enterprise", "versions": [{"status": "affected", "version": "2.5.0", "lessThan": "9.5.16", "versionType": "semver"}, {"status": "affected", "version": "10.0.0", "lessThan": "10.0.11", "versionType": "semver"}, {"status": "affected", "version": "10.1.0", "lessThan": "10.1.7", "versionType": "semver"}, {"status": "affected", "version": "10.2.0", "lessThan": "10.2.4", "versionType": "semver"}, {"status": "affected", "version": "10.3.0", "lessThan": "10.3.3", "versionType": "semver"}]}], "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-6152/"}, {"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f"}], "descriptions": [{"lang": "en", "value": "A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>A user changing their email after signing up and verifying it can change it without verification in profile settings.</p><p>The configuration option \"verify_email_enabled\" will only validate email only on sign up.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863"}]}], "providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2024-02-13T21:38:01.404Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6152", "state": "PUBLISHED", "dateUpdated": "2024-08-22T15:51:56.870Z", "dateReserved": "2023-11-15T12:44:28.824Z", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "datePublished": "2024-02-13T21:38:01.404Z", "assignerShortName": "GRAFANA"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1B0912A-B5CC-42BE-93D4-0A501A0245FA", "versionEndIncluding": "2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:grafana:grafana:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB81DBAE-551A-41FD-BFB5-325C9E0BCA10", "vulnerable": true}, {"criteria": "cpe:2.3:a:grafana:grafana:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A61A884-885C-4961-8263-682CC9EDBCE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:grafana:grafana:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE8E4C18-557B-4CD0-9EE5-DC4B8D5F20BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:grafana:grafana:10.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F6206EA-DB68-4409-A694-74F47D6879D4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\n\n"}, {"lang": "es", "value": "Un usuario que cambia su correo electr\u00f3nico despu\u00e9s de registrarse y verificarlo puede cambiarlo sin verificaci\u00f3n en la configuraci\u00f3n del perfil. La opci\u00f3n de configuraci\u00f3n \"verify_email_enabled\" solo validar\u00e1 el correo electr\u00f3nico al registrarse."}], "id": "CVE-2023-6152", "lastModified": "2024-10-21T18:35:59.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@grafana.com", "type": "Secondary"}]}, "published": "2024-02-13T22:15:45.430", "references": [{"source": "security@grafana.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f"}, {"source": "security@grafana.com", "tags": ["Vendor Advisory"], "url": "https://grafana.com/security/security-advisories/cve-2023-6152/"}], "sourceIdentifier": "security@grafana.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "security@grafana.com", "type": "Secondary"}]}

{"bugzilla": {"description": "grafana: email verification bypass", "id": "2262000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262000"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-302", "details": ["A user changing their email after signing up and verifying it can change it without verification in profile settings.\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.", "An authentication bypass vulnerability was found in the verify_email_enabled feature of Grafana. Even when enabled, this configuration option does not fully enforce email verification. This issue could allow a remote attacker that has authenticated with basic credentials to change the email address to use an unverified address. Successful exploitation could allow evasion of an organization's email domain filtering rules. An example of this is permitting a user in blocklisted countries or service providers to utilize a service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-6152", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Out of support scope", "package_name": "servicemesh-grafana", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/acm-grafana-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Out of support scope", "package_name": "grafana", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Out of support scope", "package_name": "rhceph/rhceph-4-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "rhceph/rhceph-6-dashboard-rhel9", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:ceph_storage:7", "fix_state": "Affected", "package_name": "rhceph/grafana-rhel9", "product_name": "Red Hat Ceph Storage 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-grafana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Storage 3"}], "public_date": "2024-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6152\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6152\nhttps://go.grafana.com/MzU2LVlGRy0zODkAAAGQ-uA6C7nzuSa-sr-ExDECDtkQsqBtkIPyWCp7OfehAPZ64TOkmW-HiQcbNpcFuB_YOIOgltA=\nhttps://grafana.com/blog/2024/02/14/grafana-security-release-medium-severity-security-fix-for-cve-2023-6152/"], "statement": "Use of Grafana basic authentication and the verify_email_enabled feature are preconditions for this vulnerability to affect your system.", "threat_severity": "Moderate", "upstream_fix": "grafana 10.3.1, grafana 10.2.3, grafana 10.1.6, grafana 10.0.10"}