CVE-2023-3128

CRITICAL

Grafana - Auth Bypass

Title source: llm

Description

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

Exploits (1)

nomisec SCANNER
by spyata123 · poc
https://github.com/spyata123/CVE-2023-3128

Scores

CVSS v3 9.4
EPSS 0.0188
EPSS Percentile 82.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Classification

CWE
CWE-290
Status published

Affected Products (3)

grafana/grafana < 8.5.27
grafana/grafana < 8.5.27
grafana/grafana < 9.4.13 (Go)

Timeline

Published Jun 22, 2023
Tracked Since Feb 18, 2026