TencentOS Server 4: grafana (TSSA-2025:0596)

🗓️ 15 Aug 2025 00:00:00Reported by TenableType

TencentOS Server 4 Grafana: admin deletion risk, viewer exposure, input validation; update packages

Reporter	Title	Published	Views	Family All 263
FreeBSD	Grafana -- DingDing contact points exposed in Grafana Alerting	5 Apr 202500:00	–	freebsd
FreeBSD	Grafana -- User deletion issue	15 Apr 202500:00	–	freebsd
ATTACKERKB	CVE-2025-4123	22 May 202500:00	–	attackerkb
AlpineLinux	CVE-2025-1088	18 Jun 202510:15	–	alpinelinux
AlpineLinux	CVE-2025-3415	17 Jul 202511:15	–	alpinelinux
AlpineLinux	CVE-2025-3580	23 May 202514:15	–	alpinelinux
AlpineLinux	CVE-2025-4123	22 May 202508:15	–	alpinelinux
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to the Authorization Bypass Through User-Controlled Key in Grafana (CVE-2024-10452)	29 Jul 202521:08	–	ibm
Chainguard	CVE-2024-10452 vulnerabilities	7 Jan 202601:29	–	cgr
Circl	CVE-2024-10452	29 Oct 202418:07	–	circl

Source	Link
mirrors	www.mirrors.tencent.com/tlinux/errata/tssa-20250596.xml
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2025:0596.
##

include('compat.inc');

if (description)
{
  script_id(249979);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/04");

  script_cve_id(
    "CVE-2024-10452",
    "CVE-2025-1088",
    "CVE-2025-3415",
    "CVE-2025-3580"
  );

  script_name(english:"TencentOS Server 4: grafana (TSSA-2025:0596)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 4 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0596 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2025-1088:
    An access control vulnerability was discovered in Grafana OSS where an Organization administrator could
    permanently delete the Server administrator account. This vulnerability exists in the DELETE
    /api/org/users/ endpoint.

    The vulnerability can be exploited when:

    1. An Organization administrator exists

    2. The Server administrator is either:

     - Not part of any organization, or
     - Part of the same organization as the Organization administrator
    Impact:

    - Organization administrators can permanently delete Server administrator accounts

    - If the only Server administrator is deleted, the Grafana instance becomes unmanageable

    - No super-user permissions remain in the system

    - Affects all users, organizations, and teams managed in the instance

    The vulnerability is particularly serious as it can lead to a complete loss of administrative control over
    the Grafana instance.

    CVE-2024-10452:
    Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing
    integration was not properly protected and could be exposed to users with Viewer permission.
    Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,
    11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01

    CVE-2025-3580:
    In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become
    unresponsive due to Improper Input Validation vulnerability in Grafana.
    This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

    CVE-2025-3415:
    Organization admins can delete pending invites created in an organization they are not part of.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20250596.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-10452");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/08/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/08/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:grafana");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 4.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'grafana-10.2.6-12.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'grafana-10.2.6-12.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'grafana-debuginfo-10.2.6-12.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'grafana-debuginfo-10.2.6-12.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'grafana-debugsource-10.2.6-12.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'grafana-debugsource-10.2.6-12.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana / grafana-debuginfo / grafana-debugsource');
}

04 Dec 2025 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.12.7 - 5.5

EPSS0.00438

SSVC