CVE-2023-6152

Published Feb 13, 2024

Last updated a month ago

CVSS medium 5.4

Overview

Description: A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.
Source: security@grafana.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.5
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-863
security@grafana.com: CWE-863

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1B0912A-B5CC-42BE-93D4-0A501A0245FA",
            "versionEndIncluding": "2.5.0"
          },
          {
            "criteria": "cpe:2.3:a:grafana:grafana:10.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB81DBAE-551A-41FD-BFB5-325C9E0BCA10"
          },
          {
            "criteria": "cpe:2.3:a:grafana:grafana:10.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A61A884-885C-4961-8263-682CC9EDBCE8"
          },
          {
            "criteria": "cpe:2.3:a:grafana:grafana:10.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE8E4C18-557B-4CD0-9EE5-DC4B8D5F20BC"
          },
          {
            "criteria": "cpe:2.3:a:grafana:grafana:10.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F6206EA-DB68-4409-A694-74F47D6879D4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References