CVE-2023-6152
EUVD-2024-048713.02.2024, 22:15
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| grafana | grafana | 𝑥 ≤ 2.5.0 |
| grafana | grafana | 10.0.0 |
| grafana | grafana | 10.1.0 |
| grafana | grafana | 10.2.0 |
| grafana | grafana | 10.3.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| grafana | grafana | 2.5.0 ≤ 𝑥 < 9.5.16 | ADP |
| grafana | grafana | 10.0.0 ≤ 𝑥 < 10.0.11 | ADP |
| grafana | grafana | 10.10 ≤ 𝑥 < 10.1.7 | ADP |
| grafana | grafana | 10.2.0 ≤ 𝑥 < 10.2.4 | ADP |
| grafana | grafana | 10.3.0 ≤ 𝑥 < 10.3.3 | ADP |
| grafana | grafana_enterprise | 2.5.0 ≤ 𝑥 < 9.5.16 | ADP |
| grafana | grafana_enterprise | 10.0.0 ≤ 𝑥 < 10.0.11 | ADP |
| grafana | grafana_enterprise | 10.10 ≤ 𝑥 < 10.1.7 | ADP |
| grafana | grafana_enterprise | 10.2.0 ≤ 𝑥 < 10.2.4 | ADP |
| grafana | grafana_enterprise | 10.3.0 ≤ 𝑥 < 10.3.3 | ADP |
Ubuntu Releases
References