Incorrect Authorization Affecting github.com/grafana/grafana/pkg/api package, versions >=2.5.0 <9.5.16 >=10.0.0 <10.0.11 >=10.1.0 <10.1.7 >=10.2.0 <10.3.3
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMGRAFANAGRAFANAPKGAPI-6245716
- published 14 Feb 2024
- disclosed 13 Feb 2024
- credit Alexandre Negrel
Introduced: 13 Feb 2024
CVE-2023-6152 Open this link in a new tabHow to fix?
Upgrade github.com/grafana/grafana/pkg/api to version 9.5.16, 10.0.11, 10.1.7, 10.3.3 or higher.
Overview
github.com/grafana/grafana/pkg/api is an open and composable observability and data visualization platform.
Affected versions of this package are vulnerable to Incorrect Authorization when changing an email address in the user profile update process. An attacker can bypass email verification and prevent the legitimate owner of an email address from signing up by changing their email address after initial signup without verification or by setting their username as an email address, which is not properly validated against existing users.