GHSA-wxcc-2f3q-4h58

Source

https://github.com/advisories/GHSA-wxcc-2f3q-4h58

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-wxcc-2f3q-4h58

Aliases

Related

CGA-9c44-3qj7-gfhp

Published

2025-01-31T18:31:07Z

Modified

2026-01-30T02:32:57.820192Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Grafana Alerting VictorOps integration could be exposed to users with Viewer permission

Details

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15

Database specific

{
    "github_reviewed_at": "2025-01-31T21:06:23Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "nvd_published_at": "2025-01-31T16:15:30Z",
    "github_reviewed": true,
    "severity": "MODERATE"
}

References

Affected packages

github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

11.4.0

Fixed

11.4.1

Affected versions

11.*

11.4.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"

github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

11.3.0

Fixed

11.3.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"

github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

11.2.0

Fixed

11.2.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"

github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

11.1.0

Fixed

11.1.11

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"

github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

11.0.0

Fixed

11.0.11

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"

github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

1.9.2

Fixed

10.4.15

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"

github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.0-20250129224826-70073427041e

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"

github.com/grafana/grafana

Package

Name: github.com/grafana/grafana; View open source insights on deps.dev
Purl: pkg:golang/github.com/grafana/grafana

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0

Fixed

1.9.2-0.20250129224826-70073427041e

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"