Authentication Bypass
Description

Grafana is affected by an authentication bypass vulnerability. The vulnerability is specific to Grafana deployments configured to use Azure AD OAuth for user authentication with a multi-tenant Azure application and without restrictions on which user groups can authenticate (via the ‘allowed_groups’ configuration). Grafana authenticates Azure AD accounts based on the email address configured in the associated ‘profile email’ setting. However, this setting is not unique across all Azure AD tenants, allowing attackers to create Azure AD accounts with the same email address as legitimate Grafana users and use them to hijack accounts.
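The following grafana.ini fragment is an added example, not part of the advisory above, showing the Azure AD settings that produce the vulnerable state described (multi-tenant application, no group restriction) next to the hardened alternative. The client id, client secret, tenant id and group object ids are placeholders; the option names allowed_groups and allowed_organizations are real Grafana [auth.azuread] settings, and the "common" endpoint is Azure AD's multi-tenant authorization endpoint.

```ini
# Added example (not from the advisory): Grafana [auth.azuread] section.
# Commented-out lines marked VULNERABLE reproduce the exposed configuration;
# the active lines are the hardened replacement. All ids are placeholders.
[auth.azuread]
enabled = true
name = Azure AD
client_id = <placeholder-client-id>
client_secret = <placeholder-client-secret>
scopes = openid email profile

# VULNERABLE: the "common" endpoints accept sign-ins from any Azure AD tenant,
# so an account in a foreign tenant with a matching profile email is mapped
# onto the legitimate Grafana user.
#auth_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
#token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
# Hardened: pin the endpoints to your own tenant.
auth_url = https://login.microsoftonline.com/<placeholder-tenant-id>/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/<placeholder-tenant-id>/oauth2/v2.0/token

# VULNERABLE: an empty allowed_groups places no restriction on who can log in.
#allowed_groups =
# Hardened: only members of these Azure AD groups (object ids) may authenticate.
allowed_groups = <placeholder-group-object-id-1>,<placeholder-group-object-id-2>

# Hardened: additionally restrict the issuing tenant(s) to your own.
allowed_organizations = <placeholder-tenant-id>
```

The Azure side should match: the app registration should be single-tenant ("Accounts in this organizational directory only") unless multi-tenant access is genuinely required, in which case allowed_groups and allowed_organizations must both be populated. Grafana reads these settings at startup, so restart the service after editing and verify with a test account from a different tenant that the login is rejected.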
