57 matches found

Nuclei
added yesterday | 22 views

Grafana - Exposes DingDing API Keys

An incident occurred where the DingDing alerting integration URL was inadvertently exposed to viewers due to a setting oversight in versions below or equal to 12.0.1. id: CVE-2025-3415 info: name: Grafana - Exposes DingDing API Keys author: lucasribolli severity: medium description: | An inciden...

CVSS 4.3 | AI score 6.3 | EPSS 0.00438
Exploits: 0 | References: 1
SUSE Linux
added 2026/03/25 10:31 a.m. | 4 views

Security update for grafana

This update for grafana fixes the following issues: Security issues fixed: CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled bsc1258136 CVE-2026-21721: Fixed access control by the dashboard permissions API bsc1257337 CVE-2026-21720: Fixed...

CVSS 8.7 | AI score 5.8 | EPSS 0.00438
Exploits: 1 | References: 22
vulnersOsv
added 2026/03/18 12:42 a.m. | 0 views

cbs-sentry-dingding (=1.0.24), cbs-sentry-qyweixin (=1.0.1) +47 more potentially affected by CVE-2026-26004 via sentry (=20.8.0)

sentry PYPI version =20.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on sentry and may be impacted: - cbs-sentry-dingding =1.0.24 - cbs-sentry-qyweixin =1.0.1 - csnp =0.0.5, =1.0.0, =0.2.4, =1.0.0, =0.1.0, =0.4.0, =0.1.0, =0.2.0 and more Source cve...

CVSS 7.1 | AI score 5.8 | EPSS 0.0004
Exploits: 1
RedhatCVE
added 2026/01/16 2:23 p.m. | 3 views

CVE-2026-22639

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

CVSS 4.3 | AI score 6.8 | EPSS 0.00038
Exploits: 0 | References: 1
NVD
added 2026/01/15 2:16 p.m. | 2 views

CVE-2026-22639

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

EPSS 0.00038
Exploits: 0
Cvelist
added 2026/01/15 1:12 p.m. | 25 views

CVE-2026-22639

...

EPSS 0.00038
Exploits: 0
CVE
added 2026/01/15 1:12 p.m. | 6 views

CVE-2026-22639

CVE-2026-22639 (rejected per initial description) concerns Grafana’s Alerting DingDing integration. Multiple connected sources describe an exposure where the integration could be accessed by users with Viewer permissions due to insufficient protection. Fixes are published in Grafana releases 10.4...

AI score 6.4 | EPSS 0.00038
Exploits: 0
Vulnrichment
added 2026/01/15 1:12 p.m. | 2 views

CVE-2026-22639

...

AI score 5.3 | EPSS 0.00038
Exploits: 0
Positive Technologies
added 2026/01/15 12:0 a.m. | 3 views

PT-2026-3006

Name of the Vulnerable Software and Affected Versions Grafana versions prior to 10.4.19+security-01 Grafana versions prior to 11.2.10+security-01 Grafana versions prior to 11.3.7+security-01 Grafana versions prior to 11.4.5+security-01 Grafana versions prior to 11.5.5+security-01 Grafana versions...

CVSS 4.3 | AI score 6.6 | EPSS 0.00038
Exploits: 0 | References: 8
RedhatCVE
added 2026/01/09 12:38 p.m. | 4 views

CVE-2023-50773

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 | AI score 6.7 | EPSS 0.00032
Exploits: 0 | References: 1
VulnCheck KEV
added 2025/08/07 12:0 a.m. | 6 views

VulnCheck KEV: CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00438
In wild | Exploits: 0 | References: 41
OSV
added 2025/07/29 6:49 p.m. | 1 views

GO-2025-3814 Grafana's insecure DingDing Alert integration exposes sensitive information in github.com/grafana/grafana

Grafana's insecure DingDing Alert integration exposes sensitive information in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 4.3 | AI score 5.6 | EPSS 0.00438
Exploits: 0 | References: 11
Snyk
added 2025/07/17 12:30 p.m. | 2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the DingDing alert integration. An attacker can access sensitive information by leveraging Viewer-level permissions to interact with the integration. Remediation Upgrade...

CVSS 5.3 | AI score 6.7 | EPSS 0.00438
Exploits: 0 | References: 2
Snyk
added 2025/07/17 12:30 p.m. | 1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the DingDing alert integration. An attacker can access sensitive information by leveraging Viewer-level permissions to interact with the integration. Remediation Upgrade...

CVSS 5.3 | AI score 6.7 | EPSS 0.00438
Exploits: 0 | References: 2
Github Security Blog
added 2025/07/17 12:30 p.m. | 12 views

Grafana's insecure DingDing Alert integration exposes sensitive information

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

CVSS 4.3 | AI score 6 | EPSS 0.00438
Exploits: 0 | References: 11 | Affected Software: 1
OSV
added 2025/07/17 12:30 p.m. | 2 views

GHSA-46M5-8HPJ-P5P5 Grafana's insecure DingDing Alert integration exposes sensitive information

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

CVSS 4.3 | AI score 6 | EPSS 0.00438
Exploits: 0 | References: 11
AlpineLinux
added 2025/07/17 11:15 a.m. | 6 views

CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

CVSS 4.3 | AI score 7.2 | EPSS 0.00438
Exploits: 0 | References: 1
NVD
added 2025/07/17 11:15 a.m. | 3 views

CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

CVSS 4.3 | EPSS 0.00438
Exploits: 0 | References: 1
OSV
added 2025/07/17 11:15 a.m. | 1 views

UBUNTU-CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

CVSS 4.3 | AI score 6.3 | EPSS 0.00438
Exploits: 0 | References: 2
Vulnrichment
added 2025/07/17 10:13 a.m. | 2 views

CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

CVSS 4.3 | AI score 7.1 | EPSS 0.00438
Exploits: 0 | References: 1