3 matches found
Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 10.4.15 to 11.5.5 jscPED-12918: Security issues fixed: CVE-2025-4123: Fix cross-site scripting vulnerability bsc1243714. CVE-2025-22872: Bump golang.org/x/net/html bsc1241809 CVE-2025-3580: Prevent unauthorized...
CVE-2025-3580
An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...
CVE-2025-3580
CVE-2025-3580 (Grafana Open Source) : An access-control flaw in the DELETE /api/org/users/ endpoint allows an Organization administrator to permanently delete the Server administrator account. If the sole Server admin is deleted, the Grafana instance becomes unmanageable with no super-user permis...