CVE-2023-6152 Information

Description

A user changing their email after signing up and verifying it can change it without verification in profile settings.

The configuration option erify_email_enabled\ will only validate email only on sign up.

Reference

https://grafana.com/security/security-advisories/cve-2023-6152/ https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f