Improper Authentication in Grafana - CVE-2023-3128
Published: June 22, 2023
Vulnerability identifier: #VU77652
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-3128
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Grafana Labs
Affected software:
Grafana
Grafana
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in Azure AD OAuth implementation. Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. A remote attacker can modify their profile and provide the email address of an existing Grafana user, bypass authentication process and gain unauthorized access to the application.
The vulnerability affects Grafana installations with Azure AD OAuth configured for a multi-tenant app.
How to mitigate CVE-2023-3128
Install updates from vendor's website.