Itaykrk

**Name of the Vulnerable Software and Affected Versions** Grafana (affected versions not specified) **Description** The issue is related to Grafana validating Azure AD accounts based on the email claim. Since the profile email field in Azure AD is not unique and can be easily modified, this leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. An attacker can spoof the profile email field and hijack the account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.