CVE-2023-6152

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6152

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6152.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-6152

Aliases

Downstream

SUSE-SU-2024:1419-1

SUSE-SU-2024:1427-1

SUSE-SU-2024:1508-1

SUSE-SU-2024:1509-1

SUSE-SU-2024:1530-1

SUSE-SU-2024:1530-2

SUSE-SU-2025:0524-1

SUSE-SU-2025:0525-1

SUSE-SU-2025:0545-1

UBUNTU-CVE-2023-6152

openSUSE-SU-2024:13713-1

Related

Published

2024-02-13T22:15:45.430Z

Modified

2025-11-15T15:29:52.867968Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

A user changing their email after signing up and verifying it can change it without verification in profile settings.

The configuration option "verifyemailenabled" will only validate email only on sign up.

References

Affected packages

Git / github.com/grafana/grafana

Affected ranges

Type: GIT
Repo: https://github.com/grafana/grafana
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

6397b8c1ef60e96800e3e9c76ccabae4410bc088

Last affected

81d85ce8028dc54188e1f4482837d28f5fc7c797

Last affected

ae830f687450b8a0aca94ab2d72cc08853a80fff

Last affected

e010fbb08cfcd444924bc674035ac6286d8cdb88

Last affected

ff85ec33c56ffe567e6bde27473d9493eb70c743

Affected versions

v1.*

v1.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.1.0

v1.2.0

v1.3.0

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.6.0

v1.6.1

v1.7.0

v1.7.0-rc1

v1.8.0

v1.8.0-rc1

v1.8.1

v1.9.0

v1.9.0-rc1

v1.9.1

v2.*

v2.0.0-beta1

v2.0.0-beta3

v2.0.1

v2.0.2

v2.1.0

v2.1.1

v2.1.2

v2.5.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6152.json"