CVE-2023-6152 — Vulnetix

CVE-2023-6152 PUBLISHED

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.

EPSS 0.22% · 44.5th percentile

Risk Scores

EPSS Score

0.22%

44.5th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	10.3.0, 2.5.0, 10.0.0
Bitnami	grafana	2.5.0, 10.0.0, 10.1.0

Timeline

Feb 13, 2024 CVE Published
Feb 13, 2024 PoC Published
Feb 13, 2024 PoC Published
Feb 14, 2024 EPSS Score
Mar 12, 2024 EPSS Score
Apr 8, 2024 EPSS Score
Apr 12, 2024 PoC Published
May 5, 2024 EPSS Score
Jun 1, 2024 EPSS Score
Jun 28, 2024 EPSS Score
Jul 25, 2024 EPSS Score
Aug 21, 2024 EPSS Score

References

https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f url
https://grafana.com/security/security-advisories/cve-2023-6152/ url
https://security.netapp.com/advisory/ntap-20250214-0008/ url
https://nvd.nist.gov/vuln/detail/CVE-2023-6152 url

Open in Interactive Console →