BIT-grafana-2025-3260
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2025-3260.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-grafana-2025-3260
- Aliases
-
- CVE-2025-3260
- GHSA-3px7-c4j3-576r
- GO-2025-3740
- Published
- 2025-06-04T14:44:55.391Z
- Modified
- 2025-06-09T18:41:57.922707Z
- Summary
- [none]
- Details
-
A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1).
Impact:
Viewers can view all dashboards/folders regardless of permissions
Editors can view/edit/delete all dashboards/folders regardless of permissions
Editors can create dashboards in any folder regardless of permissions
Anonymous users with viewer/editor roles are similarly affected
Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources.
- Database specific
{ "cpes": [ "cpe:2.3:a:grafana:grafana:*:*:*:*:*:go:*:*" ], "severity": "High" }- References
Affected packages
Bitnami / grafana
Package
- Name
- grafana
- Purl
- pkg:bitnami/grafana
Severity
- 8.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L CVSS Calculator