#VU72132 Improper Authentication in Grafana - CVE-2022-39229

 

Published: February 12, 2023


Vulnerability identifier: #VU72132
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-39229
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Grafana
Software vendor: Grafana Labs

Description

The vulnerability allows a remote attacker to deny access to the application.

The vulnerability exists due to a logic error in the authentication process: the application allows the same email address to be used by different accounts. A remote user can set an existing email address that belongs to another user as their username and prevent that user from accessing the application.
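An audit for the condition described above, added here as an example and not taken from the advisory or from Grafana's code: it flags accounts whose username equals another account's email address, and email addresses shared by several accounts. The record fields `id`, `login` and `email`, the case-insensitive comparison and the sample data are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample records. The field names "id", "login" and "email" are
# assumptions for this example, not values taken from the advisory.
SAMPLE_USERS = [
    {"id": 1, "login": "alice", "email": "alice@example.com"},
    {"id": 2, "login": "bob", "email": "bob@example.com"},
    {"id": 3, "login": "alice@example.com", "email": "mallory@example.com"},
    {"id": 4, "login": "carol@example.com", "email": "carol@example.com"},
    {"id": 5, "login": "Dave", "email": "dave@example.com"},
    {"id": 6, "login": "erin", "email": "DAVE@example.com"},
]


def _norm(value):
    # Assumption: identifiers are compared case-insensitively, ignoring padding.
    return (value or "").strip().lower()


def find_identifier_collisions(users):
    """Return findings for username/email overlaps between different accounts."""
    email_owners = defaultdict(list)
    for user in users:
        email = _norm(user.get("email"))
        if email:
            email_owners[email].append(user["id"])

    findings = []
    # Case 1: a username that is another account's email address.
    for user in users:
        login = _norm(user.get("login"))
        others = [uid for uid in email_owners.get(login, []) if uid != user["id"]]
        if others:
            findings.append({"kind": "login_matches_other_email",
                             "account": user["id"],
                             "conflicts_with": sorted(others)})
    # Case 2: one email address registered on more than one account.
    for email, ids in sorted(email_owners.items()):
        if len(ids) > 1:
            findings.append({"kind": "shared_email",
                             "email": email,
                             "accounts": sorted(ids)})
    return findings


if __name__ == "__main__":
    for finding in find_identifier_collisions(SAMPLE_USERS):
        print(finding)
```

An account whose username is its own email address (account 4 in the sample) is not reported, since only overlaps between different accounts match the condition in the description.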


Remediation

Install updates from the vendor's website.

External links