Vulnerabilities > CVE-2023-6152 - Incorrect Authorization vulnerability in Grafana

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

LOW

network

low complexity

grafana

CWE-863

NVD

Published: 2024-02-13

Updated: 2025-02-15

Summary

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.

Vulnerable Configurations

Part	Description	Count
Application	Grafana Grafana Grafana 10.1.0 Grafana Grafana 10.2.0 Grafana Grafana 10.3.0 Grafana Grafana 10.0.0 Grafana Grafana - Grafana Grafana 1.0 Grafana Grafana 1.0.1 Grafana Grafana 1.0.2 Grafana Grafana 1.0.3 Grafana Grafana 1.0.4 Grafana Grafana 1.1.0 Grafana Grafana 1.2.0 Grafana Grafana 1.2.1 Grafana Grafana 1.3.0 Grafana Grafana 1.4.0 Grafana Grafana 1.5.0 Grafana Grafana 1.5.1 Grafana Grafana 1.5.2 Grafana Grafana 1.5.3 Grafana Grafana 1.5.4 Grafana Grafana 1.6.0 Grafana Grafana 1.6.1 Grafana Grafana 1.7.0 Grafana Grafana 1.8.0 Grafana Grafana 1.8.1 Grafana Grafana 1.9.0 Grafana Grafana 1.9.1 Grafana Grafana 2.0.0 Grafana Grafana 2.0.1 Grafana Grafana 2.0.2 Grafana Grafana 2.1.0 Grafana Grafana 2.1.1 Grafana Grafana 2.1.2 Grafana Grafana 2.1.3 Grafana Grafana 2.5.0	72

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References