Vulnerabilities > CVE-2023-6152 - Incorrect Authorization vulnerability in Grafana

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
LOW
network
low complexity
grafana
CWE-863

Summary

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.

Common Weakness Enumeration (CWE)