Grafana — Account takeover / authentication bypass

Grafana Labs reports: Grafana validates Azure Active Directory accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants. This can enable a Gr ...

Continue Reading
Microsoft Azure AD flaw can lead to account takeover

[Researchers have found]() that a flaw in Microsoft Azure AD can be used by attackers to take over accounts that rely on pre-established trust. In a nutshell, Microsoft Azure AD allows you to change t ...

Continue Reading
Grafana vulnerable to Authentication Bypass by Spoofing

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication byp ...

Continue Reading
F5 Networks BIG-IP : BIG-IP APM OAuth vulnerability (K20717585)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3. It is, therefore, affected by a vulnerability as referenced in the K20717585 advisory. - On version 14.1.x before ...

Continue Reading
Description of the security update for SharePoint Server 2019: June 13, 2023 (KB5002402)

None ## Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability, Microsoft SharePoint denial of service vulnerability, and Microsoft SharePoint Server ...

Continue Reading

CVSS3 - CRITICAL

CVSS2 - HIGH

Security Bulletin: Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass (CVE-2021-22573)

## Summary Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass. IBM QRadar SIEM has addressed the applicable vulnerability. ## Vulnerability Details ** ...

Continue Reading

CVSS3 - HIGH

CVSS2 - LOW

CVE-2023-3128

A flaw was found in Grafana, which validates Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants, which enables Grafana account takeo ...

Continue Reading
CVE-2023-3128

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication byp ...

Continue Reading

Back to Main

Subscribe for the latest news: