BIT-grafana-2023-6152

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2023-6152.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-grafana-2023-6152
Aliases
Published
2024-03-12T08:24:38.577Z
Modified
2024-09-30T09:34:51.259Z
Summary
[none]
Details

A user changing their email after signing up and verifying it can change it without verification in profile settings.The configuration option "verifyemailenabled" will only validate email only on sign up.

Database specific
{
    "cpes": [
        "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:grafana:grafana:*:*:*:*:*:go:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / grafana

Package

Name
grafana
Purl
pkg:bitnami/grafana

Severity

  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
2.5.0
Fixed
9.5.16
Introduced
10.0.0
Fixed
10.0.11
Introduced
10.1.0
Fixed
10.1.7
Introduced
10.2.0
Fixed
10.2.4
Introduced
10.3.0
Fixed
10.3.3