CVE-2023-6152

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-6152
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6152.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-6152
Aliases
Related
Published
2024-02-13T22:15:45Z
Modified
2024-10-22T03:04:51.423113Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
[none]
Details

A user changing their email after signing up and verifying it can change it without verification in profile settings.

The configuration option "verifyemailenabled" will only validate email only on sign up.

References

Affected packages

Git / github.com/grafana/grafana

Affected ranges

Type
GIT
Repo
https://github.com/grafana/grafana
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected
Last affected
Last affected

Affected versions

v1.*

v1.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.6.0
v1.6.1
v1.7.0
v1.7.0-rc1
v1.8.0
v1.8.0-rc1
v1.8.1
v1.9.0
v1.9.0-rc1
v1.9.1

v2.*

v2.0.0-beta1
v2.0.0-beta3
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.1.2
v2.5.0