CVE-2023-3128 — Authentication Bypass by Spoofing in Grafana

CWE-290 — Authentication Bypass by Spoofing CWE-305 — Authentication Bypass by Primary Weakness6 documents5 sources

Severity

9.8CRITICALNVD

CNA9.4

EPSS

1.9%

top 16.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Grafana Grafana Enterprise Github.com Grafana Grafana

Timeline

PublishedJun 22

Description

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5grafana/grafana9.5.0 — 9.5.4+4

▶NVDgrafana/grafana6.7.0 — 8.5.27+4

▶CVEListV5grafana/grafana_enterprise9.5.0 — 9.5.4+4

▶Gogithub.com/grafana_grafana9.4.0 — 9.4.13+3

🔴Vulnerability Details

CVEList

CVE-2023-3128: Grafana is validating Azure AD accounts based on the email claim↗2023-06-22

▶

OSV

Grafana vulnerable to Authentication Bypass by Spoofing↗2023-06-22

▶

GHSA

Grafana vulnerable to Authentication Bypass by Spoofing↗2023-06-22

▶

OSV

CVE-2023-3128: Grafana is validating Azure AD accounts based on the email claim↗2023-06-22

▶

📋Vendor Advisories

Red Hat

grafana: account takeover possible when using Azure AD OAuth↗2023-06-22

▶