{"id":"UBUNTU-CVE-2023-2183","details":"Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API, as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, preparing phishing attacks, or blocking the SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 or 8.5.26 to receive a fix.","modified":"2025-10-24T05:01:16Z","published":"2023-06-06T19:15:00Z","upstream":["CVE-2023-2183"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-2183"},{"type":"REPORT","url":"https://grafana.com/security/security-advisories/cve-2023-2183/"},{"type":"REPORT","url":"https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2023-2183"}],"affected":[{"package":{"name":"grafana","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/grafana@2.6.0+dfsg-1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.6.0+dfsg-1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.6.0+dfsg-1","binary_name":"grafana"},{"binary_version":"2.6.0+dfsg-1","binary_name":"grafana-data"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-2183.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}