CVE-2023-6152

Published February 13th, 2024

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.

grafana-cold-storage/bugbounty

Grafana Labs bug bounty

GitHub