{"id":"CVE-2023-2183","details":"Grafana is an open-source platform for monitoring and observability.\n\nThe option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function.\n\nThis might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, preparing a phishing attack or blocking the SMTP server.\n\nUsers may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.","aliases":["BIT-grafana-2023-2183","GHSA-cvm3-pp2j-chr3"],"modified":"2026-03-14T22:50:19.396780Z","published":"2023-06-06T19:15:11.277Z","related":["CGA-f954-7g7g-7g59","GHSA-cvm3-pp2j-chr3","SUSE-SU-2023:2915-1","SUSE-SU-2023:2916-1","SUSE-SU-2023:2917-1","SUSE-SU-2023:3136-1","SUSE-SU-2024:0191-1","SUSE-SU-2024:0196-1","openSUSE-SU-2024:13027-1"],"references":[{"type":"ADVISORY","url":"https://grafana.com/security/security-advisories/cve-2023-2183/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230706-0002/"},{"type":"EVIDENCE","url":"https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/grafana/grafana","events":[{"introduced":"41f0542c1ec16ce93b336a9f5cf6eef1aba898d0"},{"fixed":"e4fd9da88e70c58b314b290a19f2a583500bf1a6"},{"introduced":"b5c56f63710e09f37b8557ddd8b99ae3fc583169"},{"fixed":"7078e75abf89816c0910592dac01ee6db5f39bf3"},{"introduced":"e9cb2a313ecc5a8e3cfeca7d2b7df2878802096e"},{"fixed":"8f0a89e8188b61dfc766a8c561be60f2be8ac167"},{"introduced":"dbb869b17343d20a73521ada8ff61d639abe23b7"},{"fixed":"37ee25ba46e426bd2bcf45b8174af4fe88baeef7"},{"introduced":"efe95b4c213a64acd9566f658b21fb6c11597b32"},{"fixed":"916d9793aa81c2990640b55a15dee0db6b525e41"}],"database_specific":{"versions":[{"introduced":"8.0.0"},{"fixed":"8.5.26"},{"introduced":"9.0.0"},{"fixed":"9.2.19"},{"introduced":"9.3.0"},{"fixed":"9.3.15"},{"introduced":"9.4.0"},{"fixed":"9.4.12"},{"introduced":"9.5.0"},{"fixed":"9.5.3"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-2183.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}]}