Vulnerabilities > CVE-2023-6152 - Incorrect Authorization vulnerability in Grafana
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
LOW Availability impact
LOW Summary
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.