CVE-2023-6152
Published 2024-02-13
CVE-2023-6152: A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option…
Priority P4 · 27 · medium 5.4 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:L / A:L
EPSS: 1.39% (68.8th percentile)
A user changing their email after signing up and verifying it can change it without verification in profile settings.
The configuration option "verify_email_enabled" only validates the email on sign up.
Affected (20 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | grafana_grafana | >= 10.0.0 < 10.0.11 | 10.0.11 |
| github.com | grafana_grafana | >= 10.1.0 < 10.1.7 | 10.1.7 |
| github.com | grafana_grafana | >= 10.2.0 < 10.2.4 | 10.2.4 |
| github.com | grafana_grafana | >= 10.3.0 < 10.3.3 | 10.3.3 |
| github.com | grafana_grafana | >= 2.5.0 < 9.5.16 | 9.5.16 |
| grafana | grafana | <= 2.5.0 | — |
| grafana | grafana | — | — |
| grafana | grafana | — | — |
| grafana | grafana | — | — |
| grafana | grafana | — | — |
| grafana | grafana | >= 10.0.0 < 10.0.11 | 10.0.11 |
| grafana | grafana | >= 10.1.0 < 10.1.7 | 10.1.7 |
| grafana | grafana | >= 10.2.0 < 10.2.4 | 10.2.4 |
| grafana | grafana | >= 10.3.0 < 10.3.3 | 10.3.3 |
| grafana | grafana | >= 2.5.0 < 9.5.16 | 9.5.16 |
| grafana | grafana_enterprise | >= 10.0.0 < 10.0.11 | 10.0.11 |
| grafana | grafana_enterprise | >= 10.1.0 < 10.1.7 | 10.1.7 |
| grafana | grafana_enterprise | >= 10.2.0 < 10.2.4 | 10.2.4 |
| grafana | grafana_enterprise | >= 10.3.0 < 10.3.3 | 10.3.3 |
| grafana | grafana_enterprise | >= 2.5.0 < 9.5.16 | 9.5.16 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
| osv | — | 5.4 | MEDIUM | — |
| vendor_redhat | — | 5.4 | MEDIUM | — |
OSV
Email Validation Bypass And Preventing Sign Up From Email's Owner
osv · 2024-02-13
CVE-2023-6152 [MEDIUM] Email Validation Bypass And Preventing Sign Up From Email's Owner
### Summary
Email validation can easily be bypassed because the `verify_email_enabled` option enables email validation at sign up only.
A user changing their email after signing up (and verifying it) can change it without verification in `/profile`.
This can be used to prevent the legitimate owner of the email address from signing up.
Another way to prevent the email's owner from signing up is by setting the Username to an email address:
When a new user is registering, they can set two different email addresses in the Email and Username fields, technically having two email addresses (because Grafana handles usernames and emails the same way in some situations), but only the former is validated.
Here user a prevents the owner of [email protected] from signing up.
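As an added illustration (not Grafana's code, nor the fix shipped in the patched versions), a minimal Go user store showing the two enforcement points the summary above calls for: an email change made while `verify_email_enabled` is on is parked until the new mailbox is confirmed, and a Username that is someone else's email address is refused at sign-up. The type and function names and the pending-address flow are assumptions made for this example.

```go
package main
import (
	"errors"
	"strings"
)
// Constructed, illustrative user store for this advisory; not Grafana's own code.
type User struct{ Login, Email, PendingEmail string } // PendingEmail awaits verification
type Store struct { VerifyEmailEnabled bool; Users map[string]*User } // Users keyed by login
var ErrTaken = errors.New("login or email already in use")
var ErrLoginEmail = errors.New("an email-shaped login must be the account's own email")
// taken treats logins and emails as one namespace (the advisory notes Grafana handles them alike).
func (s *Store) taken(id, exceptLogin string) bool {
	id = strings.ToLower(id)
	for login, u := range s.Users {
		if login != exceptLogin && (strings.ToLower(u.Login) == id || strings.ToLower(u.Email) == id) {
			return true
		}
	}
	return false
}
// SignUp refuses a Username that is some other address, so the field cannot carry a second, unverified email.
func (s *Store) SignUp(login, email string) error {
	if strings.Contains(login, "@") && !strings.EqualFold(login, email) {
		return ErrLoginEmail
	}
	if s.taken(login, "") || s.taken(email, "") {
		return ErrTaken
	}
	s.Users[login] = &User{Login: login, Email: email}
	return nil
}
// ChangeEmail (login assumed to exist): the reported bug amounts to always taking the else branch;
// with verification on, the address is only parked until ConfirmEmail applies it.
func (s *Store) ChangeEmail(login, email string) error {
	if s.taken(email, login) {
		return ErrTaken
	}
	if u := s.Users[login]; s.VerifyEmailEnabled {
		u.PendingEmail = email // owner must prove control of the mailbox first
	} else {
		u.Email = email // applied immediately, as the profile page did regardless of the option
	}
	return nil
}
// ConfirmEmail runs once the verification link for the pending address is used; it re-checks for collisions.
func (s *Store) ConfirmEmail(login string) {
	if u := s.Users[login]; u.PendingEmail != "" && !s.taken(u.PendingEmail, login) {
		u.Email, u.PendingEmail = u.PendingEmail, ""
	}
}
```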
OSV
CVE-2023-6152: A user changing their email after signing up and verifying it can change it without verification in profile settings
osv · 2024-02-13 · CVSS 5.4
CVE-2023-6152 [MEDIUM]
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" only validates the email on sign up.
GHSA
Email Validation Bypass And Preventing Sign Up From Email's Owner
ghsa · 2024-02-13
CVE-2023-6152 [MEDIUM] CWE-863 Email Validation Bypass And Preventing Sign Up From Email's Owner
Red Hat
grafana: email verification bypass
vendor_redhat · 2024-02-14 · CVSS 5.4
CVE-2023-6152 [MEDIUM] CWE-302 grafana: email verification bypass
A user changing their email after signing up and verifying it can change it without verification in profile settings.
The configuration option "verify_email_enabled" only validates the email on sign up.
An authentication bypass vulnerability was found in the verify_email_enabled feature of Grafana. Even when enabled, this configuration option does not fully enforce email verification. This issue could allow a remote attacker that has authenticated with basic credentials to change the email address to use an unverified address. Successful exploitation could allow evasion of an organization's email domain filtering rules. An example of this is permitting a user in blocklisted countries or service providers to utilize a service.
Statement: Use of Gra
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f
https://grafana.com/security/security-advisories/cve-2023-6152/
https://security.netapp.com/advisory/ntap-20250214-0008/
Published 2024-02-13