Grafana

Grafana Identity Authentication Bypass Vulnerability (CVS 2023-3128) Notification

June 30, 2023

Overview Recently, NSFOCUS CERT detected a vulnerability in Grafana’s authentication bypass (CVE-2023-3128). Azure AD can support multiple users with the same email address. When configuring Azure AD to support multiple users, unauthenticated attackers can exploit this vulnerability by creating malicious email account requests. Due to Grafana’s failure to uniquely authenticate Azure AD email accounts based […]

Search

Subscribe to the NSFOCUS Blog