CVE-2023-2183 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-2183 PUBLISHED

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.

EPSS 0.88% · 75.2th percentile

Risk Scores

EPSS Score

0.88%

75.2th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	8.0.0, 9.0.0, 9.4.0
Bitnami	grafana	8.0.0, 9.0.0, 9.3.0

Timeline

Jun 6, 2023 CVE Published
Jun 7, 2023 EPSS Score
Jul 12, 2023 EPSS Score
Aug 16, 2023 EPSS Score
Sep 21, 2023 EPSS Score
Oct 26, 2023 EPSS Score
Jan 4, 2024 EPSS Score
Feb 8, 2024 EPSS Score
Mar 15, 2024 EPSS Score
Apr 19, 2024 EPSS Score
May 24, 2024 EPSS Score
Jun 28, 2024 EPSS Score

References

Open in Interactive Console →