4 matches found
Grafana Labs < 10.4.17+security-01, 11.2.8+security-01, 11.3.5+security-01, 11.4.3+security-01, 11.5.3+security-01, 11.6.0+security-01 Improper Authorization (CVE-2025-3454)
The version of Grafana Labs installed on the remote host is affected by improper authorization vulnerability as referenced in the CVE-2025-3454 advisory. - This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL...
Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 10.4.15 to 11.5.5 jscPED-12918: Security issues fixed: CVE-2025-4123: Fix cross-site scripting vulnerability bsc1243714. CVE-2025-22872: Bump golang.org/x/net/html bsc1241809 CVE-2025-3580: Prevent unauthorized...
CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2025-3454
creationtimestamp| type| source ---|---|--- 2025-04-23 08:30:30+00:00| seen| https://bsky.app/profile/grafana.bsky.social/post/3lnhroytxvs2w 2025-04-23 10:38:14+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3lnhytg4c222p 2025-04-26 10:03:20+00:00| seen|...