Email verification is not required after email change

CVE ID: CVE-2023-6152

Date Published: February 13, 2024


Grafana is an open-source platform for monitoring and observability. A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option “verify_email_enabled” will only validate email only on sign up. This issue has been patched in versions 10.3.3, 10.2.4, 10.1.7, 10.0.11 and 9.5.16.