CVE-2023-3128

CRITICAL

Grafana - Auth Bypass

Title source: llm

Description

Grafana validates Azure AD accounts based on the email claim. In Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

Exploits (1)

nomisec SCANNER
by spyata123 · poc
https://github.com/spyata123/CVE-2023-3128

Scores

CVSS v3 9.4
EPSS 0.0188
EPSS Percentile 83.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Details

CWE
CWE-290
Status published
Products (2)
grafana/grafana 6.7.0 - 8.5.27 (2 CPE variants)
grafana/grafana 9.4.0 - 9.4.13 (Go)
Published Jun 22, 2023
Tracked Since Feb 18, 2026