CVE-2023-6152

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-6152
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6152.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-6152
Aliases
Downstream
Related
Published
2024-02-13T21:38:01.404Z
Modified
2026-05-18T05:58:44.369541260Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
[none]
Details

A user changing their email after signing up and verifying it can change it without verification in profile settings.

The configuration option "verifyemailenabled" will only validate email only on sign up.

Database specific 
{
    "cwe_ids": [
        "CWE-863"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.5.0"
                },
                {
                    "fixed": "9.5.16"
                },
                {
                    "introduced": "10.0.0"
                },
                {
                    "fixed": "10.0.11"
                },
                {
                    "introduced": "10.1.0"
                },
                {
                    "fixed": "10.1.7"
                },
                {
                    "introduced": "10.2.0"
                },
                {
                    "fixed": "10.2.4"
                },
                {
                    "introduced": "10.3.0"
                },
                {
                    "fixed": "10.3.3"
                },
                {
                    "introduced": "2.5.0"
                },
                {
                    "fixed": "9.5.16"
                },
                {
                    "introduced": "10.0.0"
                },
                {
                    "fixed": "10.0.11"
                },
                {
                    "introduced": "10.1.0"
                },
                {
                    "fixed": "10.1.7"
                },
                {
                    "introduced": "10.2.0"
                },
                {
                    "fixed": "10.2.4"
                },
                {
                    "introduced": "10.3.0"
                },
                {
                    "fixed": "10.3.3"
                }
            ]
        }
    ],
    "cna_assigner": "GRAFANA",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6152.json"
}
References

Affected packages

Git / github.com/grafana/grafana

Affected ranges

Type
GIT
Repo
https://github.com/grafana/grafana
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6397b8c1ef60e96800e3e9c76ccabae4410bc088
Last affected
81d85ce8028dc54188e1f4482837d28f5fc7c797
Last affected
ff85ec33c56ffe567e6bde27473d9493eb70c743
Last affected
ae830f687450b8a0aca94ab2d72cc08853a80fff
Last affected
e010fbb08cfcd444924bc674035ac6286d8cdb88
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.0"
        },
        {
            "last_affected": "10.0.0"
        },
        {
            "last_affected": "10.1.0"
        },
        {
            "last_affected": "10.2.0"
        },
        {
            "last_affected": "10.3.0"
        }
    ],
    "cpe": [
        "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:grafana:grafana:10.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:grafana:grafana:10.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:grafana:grafana:10.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:grafana:grafana:10.3.0:*:*:*:*:*:*:*"
    ]
}

Affected versions

v0.*
v0.0.0-cloud
v0.0.1-test
v1.*
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.6.0
v1.6.1
v1.7.0-rc1
v1.9.0
v1.9.0-rc1
v1.9.1
v10.*
v10.0.0
v10.0.0-preview
v10.1.0
v10.2.0
v10.3.0
v2.*
v2.0.0-beta1
v2.0.0-beta3
v2.0.1
v2.0.2
v2.5.0
v2.6.0
v2.6.0-beta1
v3.*
v3.0.0-beta6
v3.0.0-beta7
v3.0.1
v3.0.2
v3.1.0-beta1
v3.2.1-test
v4.*
v4.4.0
v4.5.0
v4.5.0-beta1
v4.6.0-beta1
v5.*
v5.,2.4
v5.0.0
v5.0.0-beta1
v5.0.0-beta2
v5.0.0-beta3
v5.0.0-beta4
v5.0.0-beta5
v6.*
v6.0.0-beta1
v6.5
v8.*
v8.3.3
v8.4.0-beta1
v8.5.16
v9.*
v9.3.0-beta1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6152.json"