Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:LGrafana
APPGrafana6.7.0 – 8.5.27 (bez)9.2.0 – 9.2.20 (bez)9.3.0 – 9.3.16 (bez)9.4.0 – 9.4.13 (bez)9.5.0 – 9.5.4 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth Bypass
Referencje
Powiązane podatności
CVE-2021-39226CRITICAL9.8⚠ KEVten sam produkt
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated ...
CVE-2026-27876CRITICAL9.1PL ✓ten sam produkt
RCE w Grafana przez SQL Expressions i plugin Enterprise (CVE-2026-27876)
CVE-2025-41115CRITICAL10.0PL ✓ten sam produkt
Grafana Enterprise: privilege escalation przez SCIM provisioning (LPE)
CVE-2024-9264CRITICAL9.4PL ✓ten sam produkt
Grafana: command injection i local file inclusion przez SQL Expressions (duckdb)
CVE-2022-39328CRITICAL9.8ten sam produkt
Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less tha...