Moderate severity · NVD Advisory · Published Jun 6, 2023 · Updated Feb 13, 2025
CVE-2023-2183
Description
Grafana is an open-source platform for monitoring and observability.
The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function.
This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, preparing phishing attacks or blocking the SMTP server.
Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 or 8.5.26 to receive a fix.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/grafana/grafana (Go) | < 8.5.26 | 8.5.26 |
| github.com/grafana/grafana (Go) | >= 9.0.0, < 9.2.19 | 9.2.19 |
| github.com/grafana/grafana (Go) | >= 9.3.0, < 9.3.15 | 9.3.15 |
| github.com/grafana/grafana (Go) | >= 9.4.0, < 9.4.12 | 9.4.12 |
| github.com/grafana/grafana (Go) | >= 9.5.0, < 9.5.3 | 9.5.3 |
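To check a deployed version against the ranges in the table, the following added example (not code from Grafana or from the advisory) returns the patched release a given version should move to. The names `parse`, `less` and `FixFor` are hypothetical, and the sketch assumes a plain `MAJOR.MINOR.PATCH` string, rejecting anything with a suffix rather than guessing.

```go
package main

import "fmt"

// parse accepts only plain MAJOR.MINOR.PATCH; suffixes or prefixes are an error.
func parse(v string) (p [3]int, err error) {
	_, err = fmt.Sscanf(v, "%d.%d.%d", &p[0], &p[1], &p[2])
	if err == nil && fmt.Sprintf("%d.%d.%d", p[0], p[1], p[2]) != v {
		err = fmt.Errorf("unsupported version string %q", v)
	}
	return p, err
}

// less reports whether version a sorts before version b.
func less(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// Affected ranges transcribed from the table above: lo <= version < fix.
var ranges = []struct{ lo, fix [3]int }{
	{[3]int{0, 0, 0}, [3]int{8, 5, 26}},
	{[3]int{9, 0, 0}, [3]int{9, 2, 19}},
	{[3]int{9, 3, 0}, [3]int{9, 3, 15}},
	{[3]int{9, 4, 0}, [3]int{9, 4, 12}},
	{[3]int{9, 5, 0}, [3]int{9, 5, 3}},
}

// FixFor returns the patched release for an affected version, or "" if the
// version falls outside every affected range in the table.
func FixFor(version string) (string, error) {
	v, err := parse(version)
	if err != nil {
		return "", err
	}
	for _, r := range ranges {
		if !less(v, r.lo) && less(v, r.fix) {
			return fmt.Sprintf("%d.%d.%d", r.fix[0], r.fix[1], r.fix[2]), nil
		}
	}
	return "", nil
}

func main() {
	fmt.Println(FixFor("9.4.7")) // constructed sample version
}
```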
Affected products
- Grafana/Grafana Enterprise (v5), Range: 8.0.0
References
- github.com/advisories/GHSA-cvm3-pp2j-chr3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-2183 (ghsa, ADVISORY)
- github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3 (ghsa, WEB)
- grafana.com/security/security-advisories/cve-2023-2183 (ghsa, WEB)
- grafana.com/security/security-advisories/cve-2023-2183/ (mitre)
- security.netapp.com/advisory/ntap-20230706-0002/ (mitre)