GHSA-wxcc-2f3q-4h58

Suggest an improvement

Source

https://github.com/advisories/GHSA-wxcc-2f3q-4h58

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-wxcc-2f3q-4h58

Aliases

Related

Published

2025-01-31T18:31:07Z

Modified

2025-02-05T16:33:44Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Grafana Alerting VictorOps integration could be exposed to users with Viewer permission

Details

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15

Database specific

{
    "nvd_published_at": "2025-01-31T16:15:30Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-31T21:06:23Z"
}

References

Affected packages

Go / github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

11.4.0

Fixed

11.4.1

Affected versions

11.*

11.4.0

Go / github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

11.3.0

Fixed

11.3.3

Go / github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

11.2.0

Fixed

11.2.6

Go / github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

11.1.0

Fixed

11.1.11

Go / github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

11.0.0

Fixed

11.0.11

Go / github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.4.15