Lucene search

K
cve[email protected]CVE-2023-6152
HistoryFeb 13, 2024 - 10:15 p.m.

CVE-2023-6152

2024-02-1322:15:45
CWE-863
web.nvd.nist.gov
58
20
cve-2023-6152
email verification
user profile
security vulnerability
nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.9%

A user changing their email after signing up and verifying it can change it without verification in profile settings.

The configuration option “verify_email_enabled” will only validate email only on sign up.

CNA Affected

[
  {
    "product": "Grafana",
    "vendor": "Grafana",
    "versions": [
      {
        "lessThan": "9.5.16",
        "status": "affected",
        "version": "2.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "10.0.11",
        "status": "affected",
        "version": "10.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "10.1.7",
        "status": "affected",
        "version": "10.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "10.2.4",
        "status": "affected",
        "version": "10.2.0",
        "versionType": "semver"
      },
      {
        "lessThan": "10.3.3",
        "status": "affected",
        "version": "10.3.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "product": "Grafana Enterprise",
    "vendor": "Grafana",
    "versions": [
      {
        "lessThan": "9.5.16",
        "status": "affected",
        "version": "2.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "10.0.11",
        "status": "affected",
        "version": "10.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "10.1.7",
        "status": "affected",
        "version": "10.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "10.2.4",
        "status": "affected",
        "version": "10.2.0",
        "versionType": "semver"
      },
      {
        "lessThan": "10.3.3",
        "status": "affected",
        "version": "10.3.0",
        "versionType": "semver"
      }
    ]
  }
]

Social References

More

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.9%