CVS 2023-3128

Grafana Identity Authentication Bypass Vulnerability (CVS 2023-3128) Notification

junho 30, 2023

Overview Recently, NSFOCUS CERT detected a vulnerability in Grafana’s authentication bypass (CVE-2023-3128). Azure AD can support multiple users with the same email address. When configuring Azure AD to support multiple users, unauthenticated attackers can exploit this vulnerability by creating malicious email account requests. Due to Grafana’s failure to uniquely authenticate Azure AD email accounts based […]


Inscreva-se no Blog da NSFOCUS