Lucene search
K

22 matches found

SUSE CVE
SUSE CVE
added 2026/05/20 3:0 a.m.9 views

SUSE CVE-2025-12141

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

4.3CVSS5.7AI score0.00255EPSS
Exploits0References3
OSV
OSV
added 2026/04/18 8:40 a.m.7 views

BIT-GRAFANA-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/16 6:15 a.m.4 views

CVE-2025-12141

A flaw was found in Grafana's alerting system. Users with editor permissions, specifically those able to write or test alert notifications, can modify contact points created by other users. By changing the endpoint URL to a controlled server and triggering the test functionality, an attacker can...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-12141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions alert.notifications:write or...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/15 6:31 p.m.5 views

EUVD-2025-209475

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 2:59 p.m.32 views

CVE-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

5.3CVSS0.00255EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/15 2:59 p.m.4 views

CVE-2025-12141

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References1
Grafana
Grafana
added 2025/12/16 12:0 a.m.16 views

Information Leakage in Grafana Alerting

In Grafana’s alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role “Contact Point Writer”, which is part of the basic role Editor - can edit...

6.5CVSS5.8AI score0.00255EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-0215

Malicious code in bioql PyPI...

4.3CVSS5.9AI score0.00368EPSS
Exploits0References6
Grafana
Grafana
added 2025/07/17 12:0 a.m.10 views

Grafana Alerting DingDing Integration URL Exposed to Viewers

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

4.3CVSS6.3AI score0.0089EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/06/24 11:45 a.m.7 views

CVE-2025-3415

A flaw exists in Grafana Alerting, where the DingDing contact-point integration URL can be revealed in plain text to users with viewer-level permissions due to misconfigured access control. This disclosure permits unauthorized users to view sensitive webhook URLs, including API tokens or keys,...

4.3CVSS6.6AI score0.0089EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/06/19 12:0 a.m.8 views

FreeBSD : Grafana -- DingDing contact points exposed in Grafana Alerting (6548cb01-4c33-11f0-8a97-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6548cb01-4c33-11f0-8a97-6c3be5272acd advisory. Grafana Labs reports: An incident occurred where the DingDing alerting integration URL was inadvertentl...

4.3CVSS5.6AI score0.0089EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/14 12:0 a.m.6 views

PT-2025-25459

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A medium-severity flaw in Grafana Alerting exposes sensitive DingDing contact point URLs to viewers. This issue may lead to data exposure. Recommendations Update to a patched version to resol...

8.6CVSS6.9AI score0.03711EPSS
Exploits1References219
BDU FSTEC
BDU FSTEC
added 2025/03/10 12:0 a.m.9 views

The vulnerability of the software platform for integrating Grafana Alerting VictorOps, related to information disclosure, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Grafana Alerting VictorOps software platform relates to the disclosure of information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

4.3CVSS6.3AI score0.00368EPSS
Exploits0References5Affected Software4
OSV
OSV
added 2025/02/04 10:6 p.m.10 views

GO-2025-3438 Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana

Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

4.3CVSS4.6AI score0.00368EPSS
Exploits0References3
OSV
OSV
added 2025/01/31 6:31 p.m.165 views

GHSA-WXCC-2F3Q-4H58 Grafana Alerting VictorOps integration could be exposed to users with Viewer permission

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15...

4.3CVSS4.6AI score0.00368EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/01/31 6:31 p.m.174 views

Grafana Alerting VictorOps integration could be exposed to users with Viewer permission

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15...

4.3CVSS4.5AI score0.00368EPSS
Exploits0References6Affected Software1
AlpineLinux
AlpineLinux
added 2025/01/31 4:15 p.m.2 views

CVE-2024-11741

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15...

4.3CVSS7AI score0.00368EPSS
Exploits0References2
NVD
NVD
added 2025/01/31 4:15 p.m.20 views

CVE-2024-11741

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15...

4.3CVSS0.00368EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/31 3:12 p.m.12 views

CVE-2024-11741

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15...

4.3CVSS4.5AI score0.00368EPSS
Exploits0References1
Rows per page
Query Builder