
====================================================================
                              CERT-Renater

                   Information Note No. 2023/VULN234

_____________________________________________________________________

DATE                : 29/06/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Grafana versions prior to
                           9.4.13, 9.3.16, 9.2.20, 8.5.27.

====================================================================
https://github.com/advisories/GHSA-mpv3-g8m3-3fjc
_____________________________________________________________________


Grafana vulnerable to Authentication Bypass by Spoofing
Critical severity. GitHub reviewed. Published Jun 22, 2023 to the
GitHub Advisory Database; updated Jun 27, 2023.


Vulnerability details


Package
github.com/grafana/grafana (Go)


Affected versions
 >= 9.4.0, < 9.4.13
 >= 9.3.0, < 9.3.16
 >= 9.0.0, < 9.2.20
 < 8.5.27


Patched versions
9.4.13
9.3.16
9.2.20
8.5.27


Description

Grafana matches an Azure AD sign-in to a local Grafana account using
the email claim of the ID token.

In Azure AD, the profile email field is neither unique nor verified
and can easily be modified (for example by the administrator of an
attacker-controlled tenant), so a user in another tenant can present
a victim's email address.

This leads to account takeover and authentication bypass when Azure
AD OAuth is configured with a multi-tenant app registration; the
attacker signs in from their own tenant and is mapped onto the
victim's existing Grafana account, including its role.
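The two account-matching strategies side by side, as an added
illustration written for this note (it is not Grafana's code and does
not claim to reproduce the upstream patch; consult the references
below for the actual fix). The two ID tokens are constructed for the
example; `email`, `oid` (immutable object ID) and `tid` (tenant ID)
are the real Azure AD claim names. The vulnerable store keys accounts
on `email`, the hardened one keys them on `tid`+`oid` and allow-lists
tenants, which is what Grafana's `allowed_organizations` setting does
for the tenant part. Tenant names and account roles are placeholders.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Claims holds the ID-token claims relevant to the bug. Azure AD's
// "email" claim is neither unique nor verified, while "oid" is immutable
// and unique within the tenant identified by "tid".
type Claims struct {
	Email string `json:"email"`
	OID   string `json:"oid"`
	TID   string `json:"tid"`
}

// Account is a minimal stand-in for a Grafana user record.
type Account struct {
	Login string
	Role  string
}

// Constructed sample tokens, already signature-checked and decoded (the
// signature is not the issue here). The attacker controls "evil-tenant"
// and has set their profile email to the victim's address.
const victimToken = `{"email":"admin@example.com","oid":"11111111-aaaa-4bbb-8ccc-000000000001","tid":"home-tenant"}`
const attackerToken = `{"email":"admin@example.com","oid":"22222222-dddd-4eee-8fff-000000000002","tid":"evil-tenant"}`

func parse(tok string) Claims {
	var c Claims
	if err := json.Unmarshal([]byte(tok), &c); err != nil {
		panic(err)
	}
	return c
}

// ---- Vulnerable pattern: identity = email claim (CVE-2023-3128) ----------

type emailKeyedStore struct{ byEmail map[string]*Account }

func (s *emailKeyedStore) login(c Claims) *Account {
	if a, ok := s.byEmail[c.Email]; ok {
		return a // any tenant's user presenting this email gets the account
	}
	a := &Account{Login: c.Email, Role: "Viewer"}
	s.byEmail[c.Email] = a
	return a
}

// RunVulnerable returns the role the attacker obtains when accounts are
// matched on the email claim: the victim's pre-provisioned Admin role.
func RunVulnerable() string {
	s := &emailKeyedStore{byEmail: map[string]*Account{}}
	victim := s.login(parse(victimToken))
	victim.Role = "Admin"
	return s.login(parse(attackerToken)).Role
}

// ---- Hardened pattern: identity = tid+oid, tenant allow-list -------------

type subjectKeyedStore struct {
	allowedTenants map[string]bool
	bySubject      map[string]*Account
}

func subjectKey(c Claims) string { return c.TID + "/" + c.OID }

func (s *subjectKeyedStore) login(c Claims) (*Account, error) {
	if c.OID == "" || c.TID == "" {
		return nil, errors.New("token lacks oid/tid claims")
	}
	if !s.allowedTenants[c.TID] {
		return nil, fmt.Errorf("tenant %q is not allowed to sign in", c.TID)
	}
	if a, ok := s.bySubject[subjectKey(c)]; ok {
		return a, nil
	}
	// Email is kept as a display login only, never as the lookup key.
	a := &Account{Login: c.Email, Role: "Viewer"}
	s.bySubject[subjectKey(c)] = a
	return a, nil
}

// RunHardened returns the attacker's outcome. With only the home tenant
// allowed the sign-in is refused; if the attacker's tenant is deliberately
// allowed (a genuine multi-tenant deployment) they still land in a fresh
// Viewer account, because tid+oid differs from the victim's.
func RunHardened(allowAttackerTenant bool) (string, error) {
	s := &subjectKeyedStore{
		allowedTenants: map[string]bool{"home-tenant": true, "evil-tenant": allowAttackerTenant},
		bySubject:      map[string]*Account{},
	}
	victim, _ := s.login(parse(victimToken))
	victim.Role = "Admin"
	a, err := s.login(parse(attackerToken))
	if err != nil {
		return "", err
	}
	return a.Role, nil
}

func main() {
	fmt.Println("email-keyed, attacker role:", RunVulnerable())
	_, err := RunHardened(false)
	fmt.Println("oid-keyed, foreign tenant:", err)
	role, _ := RunHardened(true)
	fmt.Println("oid-keyed, tenant allowed, attacker role:", role)
}
```

The point to check in any OAuth integration, not just Grafana: the
lookup key for an existing local account must be a claim the identity
provider guarantees to be stable and unique for that provider
(`tid`+`oid` for Azure AD, `sub` for most OIDC providers), and a
multi-tenant app must additionally restrict which tenants may sign in.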


References

     https://nvd.nist.gov/vuln/detail/CVE-2023-3128
     https://grafana.com/security/security-advisories/cve-2023-3128/
     https://github.com/grafana/grafana/blob/69fc4e6bc0be2a82085ab3885c2262a4d49e97d8/CHANGELOG.md

Published to the GitHub Advisory Database Jun 22, 2023
Reviewed Jun 23, 2023
Last updated Jun 27, 2023


Severity
Critical

9.4 / 10

CVSS base metrics

Attack vector
Network

Attack complexity
Low

Privileges required
None

User interaction
None

Scope
Unchanged

Confidentiality
High

Integrity
High

Availability
Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Weaknesses
CWE-290

CVE ID
CVE-2023-3128

GHSA ID
GHSA-mpv3-g8m3-3fjc

Source code
grafana/grafana


========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
========================================================
