Grafana is validating Azure AD accounts based on the email claim.
On Azure AD, the profile email field is not unique and can be easily modified.
This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
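As an added illustration, not Grafana's code, the two account-linking patterns side by side: linking on the mutable, non-unique `email` claim versus linking on Azure AD's tenant id (`tid`) and object id (`oid`) claims. The user store, tenant allow-list and tokens are constructed sample data, and treating `tid`/`oid` as the stable identifiers is an assumption of this example, not a statement from the advisory.

```python
# Added example (not Grafana's code): link an Azure AD OAuth login to a local
# account by the tenant/object identifiers instead of the email claim.
# Assumptions: the id_token signature has already been verified upstream, and
# the claim names follow Azure AD's id_token layout (oid = object id,
# tid = tenant id, email = user-editable profile email).

# Constructed local account store: the victim registered earlier via Azure AD.
USERS = [
    {"login": "alice", "email": "alice@contoso.example",
     "oid": "1111-aaaa", "tid": "tenant-contoso"},
]
# Constructed allow-list: tenants this deployment is willing to accept.
ALLOWED_TENANTS = {"tenant-contoso"}


def lookup_by_email(claims):
    """Vulnerable pattern: any token whose email claim matches is linked."""
    wanted = claims.get("email", "").lower()
    for user in USERS:
        if user["email"].lower() == wanted:
            return user
    return None


def lookup_by_oid(claims):
    """Hardened pattern: require an allowed tenant and match on (tid, oid)."""
    tid, oid = claims.get("tid"), claims.get("oid")
    if not tid or not oid or tid not in ALLOWED_TENANTS:
        return None
    for user in USERS:
        if user["tid"] == tid and user["oid"] == oid:
            return user
    return None


# Constructed tokens: the victim's own login, and a token issued by a
# different tenant whose profile email collides with the victim's.
VICTIM_TOKEN = {"tid": "tenant-contoso", "oid": "1111-aaaa",
                "email": "alice@contoso.example"}
FOREIGN_TOKEN = {"tid": "tenant-attacker", "oid": "9999-zzzz",
                 "email": "Alice@contoso.example"}
```

With the email lookup both tokens resolve to the same local account; with the tenant/object-id lookup only the victim's own token does.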
References
| Link | Resource |
|---|---|
| https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp | Vendor Advisory |
| https://grafana.com/security/security-advisories/cve-2023-3128/ | Vendor Advisory |
| https://security.netapp.com/advisory/ntap-20230714-0004/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GRAFANA
Published: 2023-06-22T20:14:00.805Z
Updated: 2023-07-06T08:24:09.716Z
Reserved: 2023-06-06T15:02:55.259Z
Link: CVE-2023-3128
NVD Information
Status: Analyzed
Published: 2023-06-22T21:15:09.573
Modified: 2023-07-21T19:19:27.410
Link: CVE-2023-3128
Redhat Information
No data.
CWE