CVE-2023-3128 : Grafana is validating Azure AD accounts based on the email claim. On Azure AD,

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

Published 2023-06-22 21:15:10

Updated 2025-02-13 17:16:55

Source Grafana Labs

View at NVD, CVE.org

Products affected by CVE-2023-3128

Grafana » Grafana » Enterprise Edition
Versions from including (>=) 6.7.0 and before (<) 8.5.27
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
Matching versions
Grafana » Grafana »
Versions from including (>=) 9.3.0 and before (<) 9.3.16
cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*
Matching versions
Grafana » Grafana » Enterprise Edition
Versions from including (>=) 9.4.0 and before (<) 9.4.13
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
Matching versions
Grafana » Grafana »
Versions from including (>=) 6.7.0 and before (<) 8.5.27
cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*
Matching versions
Grafana » Grafana »
Versions from including (>=) 9.5.0 and before (<) 9.5.4
cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*
Matching versions
Grafana » Grafana » Enterprise Edition
Versions from including (>=) 9.3.0 and before (<) 9.3.16
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
Matching versions
Grafana » Grafana »
Versions from including (>=) 9.4.0 and before (<) 9.4.13
cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*
Matching versions
Grafana » Grafana »
Versions from including (>=) 9.2.0 and before (<) 9.2.20
cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*
Matching versions
Grafana » Grafana » Enterprise Edition
Versions from including (>=) 9.5.0 and before (<) 9.5.4
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
Matching versions
Grafana » Grafana » Enterprise Edition
Versions from including (>=) 9.2.0 and before (<) 9.2.20
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-3128

EPSS FAQ

1.39%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-3128

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.4	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L	3.9	5.5	Grafana Labs
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: Low

CWE ids for CVE-2023-3128

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Assigned by:
- nvd@nist.gov (Primary)
- security@grafana.com (Secondary)

References for CVE-2023-3128

https://grafana.com/security/security-advisories/cve-2023-3128/

Grafana authentication bypass using Azure AD OAuth | Grafana Labs
Vendor Advisory
https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp

Authentication bypass / account takeover due to bad implementation of Azure AD OAuth · Advisory · grafana/bugbounty · GitHub
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230714-0004/

CVE-2023-3128 Grafana Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-3128

Products affected by CVE-2023-3128

Exploit prediction scoring system (EPSS) score for CVE-2023-3128

CVSS scores for CVE-2023-3128

CWE ids for CVE-2023-3128

References for CVE-2023-3128