Lucene search
+L

7 matches found

OSV
OSV
added 2026/04/18 8:40 a.m.9 views

BIT-GRAFANA-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/16 6:15 a.m.6 views

CVE-2025-12141

A flaw was found in Grafana's alerting system. Users with editor permissions, specifically those able to write or test alert notifications, can modify contact points created by other users. By changing the endpoint URL to a controlled server and triggering the test functionality, an attacker can...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/15 4:11 p.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via “Contact Point Writer” role that by default grants permission to alert.notifications:write or alert.notifications.receivers:test actions. An attacker can gain unauthorized access to sensitive configuration data,...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 4:11 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via “Contact Point Writer” role that by default grants permission to alert.notifications:write or alert.notifications.receivers:test actions. An attacker can gain unauthorized access to sensitive configuration data,...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 2:59 p.m.69 views

CVE-2025-12141

CVE-2025-12141 affects Grafana Alerting: users with edit permissions on a contact point (alert.notifications:write or alert.notifications.receivers:test) granted via the fixed role Contact Point Writer within the Editor role can modify destinations of contact points created by others. An attacker...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/15 2:59 p.m.39 views

CVE-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

5.3CVSS0.00255EPSS
Exploits0References1
Grafana
Grafana
added 2025/12/16 12:0 a.m.19 views

Information Leakage in Grafana Alerting

In Grafana’s alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role “Contact Point Writer”, which is part of the basic role Editor - can edit...

6.5CVSS5.8AI score0.00255EPSS
Exploits0
Rows per page
Query Builder