← Back

CVE-2023-2183

nvd nist
Published: Jun 6, 2023Modified: Feb 13, 2025

JSON object

Loading...
6.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Exploitability: 3.1 / Impact: 2.7
Source: NVD

Description

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.

Affected (5)

Products: Grafana: Grafana
Grafana
1 product
Grafana
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Grafana
Grafana
From 8.0.0 to 8.5.26
Grafana
From 9.0.0 to 9.2.19
Grafana
From 9.3.0 to 9.3.15
Grafana
From 9.4.0 to 9.4.12
Grafana
From 9.5.0 to 9.5.3

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (6)

Source: security@grafana.com
ExploitThird Party Advisory
Source: security@grafana.com
Vendor Advisory
Source: security@grafana.com
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.