CVE-2023-3128

CRITICAL

Grafana 6.7.0-8.5.26 and 9.4.0-9.4.12 - Authentication Bypass via Azure AD Email Claim Spoofing


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-3128. PoCs published by spyata123.

AI-analyzed exploit summary: The repository contains a Python script that checks for CVE-2023-3128, an authentication bypass vulnerability in Grafana caused by improper validation of the Azure AD email claim. The script verifies whether Azure AD SSO is configured and flags the instance as potentially vulnerable without exploiting it.

Description

Grafana validates Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can easily be modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
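The following added example (not Grafana's code, nor the PoC from the repository below) contrasts the vulnerable pattern the description names, keying the account on the mutable `email` claim, with a hardened lookup that enforces a tenant allow-list and keys on the immutable `tid`/`oid` pair. The claim sets, tenant IDs and object IDs are constructed; a real deployment would validate the JWT signature and issuer before reading any claim.

```python
"""Root cause of CVE-2023-3128 (email claim as account key) beside a hardened lookup.

Constructed example, not Grafana code. Claim sets are plain dicts standing in for
already signature-verified Azure AD ID tokens.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    key: str    # stable identity the application stores and authorizes against
    email: str  # display only; never used for lookup in the hardened path


# Constructed claim sets. The second comes from a different tenant (multi-tenant
# app) but carries the victim's email, which Azure AD does not verify or keep unique.
VICTIM = {"tid": "tenant-A", "oid": "1111-aaaa", "email": "admin@example.com"}
SPOOFED = {"tid": "tenant-B", "oid": "2222-bbbb", "email": "admin@example.com"}


def lookup_by_email(claims: dict) -> Account:
    """Vulnerable pattern: the email claim alone selects the account."""
    return Account(key=claims["email"].lower(), email=claims["email"])


def lookup_hardened(claims: dict, allowed_tenants: frozenset) -> Account:
    """Hardened pattern: reject foreign tenants, key on immutable tid + oid."""
    tid, oid = claims.get("tid"), claims.get("oid")
    if tid not in allowed_tenants:
        raise PermissionError(f"token issued by unexpected tenant {tid!r}")
    if not oid:
        raise PermissionError("token lacks the immutable 'oid' claim")
    return Account(key=f"{tid}:{oid}", email=claims.get("email", ""))


def spoof_collides_by_email() -> bool:
    """Vulnerable path: both tokens resolve to the same account."""
    return lookup_by_email(VICTIM).key == lookup_by_email(SPOOFED).key


def spoof_rejected_hardened() -> bool:
    """Hardened path: the foreign-tenant token is refused outright."""
    allowed = frozenset({"tenant-A"})
    lookup_hardened(VICTIM, allowed)
    try:
        lookup_hardened(SPOOFED, allowed)
    except PermissionError:
        return True
    return False


def distinct_even_if_tenant_allowed() -> bool:
    """Even with both tenants allowed, oid-based keys never collide on email."""
    allowed = frozenset({"tenant-A", "tenant-B"})
    return lookup_hardened(VICTIM, allowed).key != lookup_hardened(SPOOFED, allowed).key
```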

Exploits (1)

nomisec SCANNER
by spyata123 · poc
https://github.com/spyata123/CVE-2023-3128

Classification
Scanner 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Grafana <9.5.5
No auth needed
Prerequisites: Target Grafana instance with Azure AD SSO enabled
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3 9.4
EPSS 0.0188
EPSS Percentile 83.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-290
Status published
Products (2)
grafana/grafana 6.7.0 - 8.5.27 (2 CPE variants)
grafana/grafana 9.4.0 - 9.4.13 (Go)
Published Jun 22, 2023
Tracked Since Feb 18, 2026