6 matches found
CVE-2025-3260 vulnerabilities
Vulnerabilities for packages: grafana-fips...
Grafana Labs < 11.6.1+security-01 Authorization Bypass (CVE-2025-3260)
The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2025-3260 advisory. Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could...
CVE-2025-3260
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...
CVE-2025-3260
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...
CVE-2025-3260
A flaw was found in Grafana. This vulnerability allows users with Viewer or Editor roles to access or modify dashboards without proper permissions. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...
CVE-2025-3260
creationtimestamp| type| source ---|---|--- 2025-04-23 08:30:30+00:00| seen| https://bsky.app/profile/grafana.bsky.social/post/3lnhroytxvs2w 2025-04-23 10:38:14+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3lnhytg4c222p 2025-04-24 04:58:39+00:00| seen|...