CVE-2023-6152
published 2024-02-13

Priority: P427 | medium | 5.4 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:L / A:L
EPSS: 1.39% (68.8th percentile)

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" validates the email only on sign up.

Affected

20 ranges
Vendor | Product | Version range | Fixed in
github.com | grafana_grafana | >= 10.0.0 < 10.0.11 | 10.0.11
github.com | grafana_grafana | >= 10.1.0 < 10.1.7 | 10.1.7
github.com | grafana_grafana | >= 10.2.0 < 10.2.4 | 10.2.4
github.com | grafana_grafana | >= 10.3.0 < 10.3.3 | 10.3.3
github.com | grafana_grafana | >= 2.5.0 < 9.5.16 | 9.5.16
grafana | grafana | <= 2.5.0 |
grafana | grafana | |
grafana | grafana | |
grafana | grafana | |
grafana | grafana | |
grafana | grafana | >= 10.0.0 < 10.0.11 | 10.0.11
grafana | grafana | >= 10.1.0 < 10.1.7 | 10.1.7
grafana | grafana | >= 10.2.0 < 10.2.4 | 10.2.4
grafana | grafana | >= 10.3.0 < 10.3.3 | 10.3.3
grafana | grafana | >= 2.5.0 < 9.5.16 | 9.5.16
grafana | grafana_enterprise | >= 10.0.0 < 10.0.11 | 10.0.11
grafana | grafana_enterprise | >= 10.1.0 < 10.1.7 | 10.1.7
grafana | grafana_enterprise | >= 10.2.0 < 10.2.4 | 10.2.4
grafana | grafana_enterprise | >= 10.3.0 < 10.3.3 | 10.3.3
grafana | grafana_enterprise | >= 2.5.0 < 9.5.16 | 9.5.16

CVSS provenance

nvd: v3.1, 5.4 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
osv: 5.4 MEDIUM
vendor_redhat: 5.4 MEDIUM