Moderate severity · NVD Advisory · Published Feb 13, 2024 · Updated Feb 15, 2025
CVE-2023-6152
Description
A user who has signed up and verified their email can afterwards change it in profile settings without verification.
The configuration option "verify_email_enabled" validates the email only on sign up.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/grafana/grafana (Go) | >= 2.5.0, < 9.5.16 | 9.5.16 |
| github.com/grafana/grafana (Go) | >= 10.0.0, < 10.0.11 | 10.0.11 |
| github.com/grafana/grafana (Go) | >= 10.1.0, < 10.1.7 | 10.1.7 |
| github.com/grafana/grafana (Go) | >= 10.2.0, < 10.2.4 | 10.2.4 |
| github.com/grafana/grafana (Go) | >= 10.3.0, < 10.3.3 | 10.3.3 |
Affected products
- Grafana/Grafana Enterprise · v5 · Range: 2.5.0
References
- github.com/advisories/GHSA-3hv4-r2fm-h27f (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-6152 (ghsa, ADVISORY)
- github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f (ghsa, WEB)
- grafana.com/security/security-advisories/cve-2023-6152 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20250214-0008 (ghsa, WEB)
- grafana.com/security/security-advisories/cve-2023-6152/ (mitre)