CVE-2024-11741
Published 2025-01-31
CVE-2024-11741: Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed…
Priority P4 · 21 · medium · 4.3 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:N
EPSS: 0.37% (28.6th percentile)
Grafana is an open-source platform for monitoring and observability.
The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission.
Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15
Affected: 13 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | grafana_grafana | >= 0 < 0.0.0-20250129224826-70073427041e | 0.0.0-20250129224826-70073427041e |
| github.com | grafana_grafana | >= 0.0.0 < 1.9.2-0.20250129224826-70073427041e | 1.9.2-0.20250129224826-70073427041e |
| github.com | grafana_grafana | >= 1.9.2 < 10.4.15 | 10.4.15 |
| github.com | grafana_grafana | >= 11.0.0 < 11.0.11 | 11.0.11 |
| github.com | grafana_grafana | >= 11.1.0 < 11.1.11 | 11.1.11 |
| github.com | grafana_grafana | >= 11.2.0 < 11.2.6 | 11.2.6 |
| github.com | grafana_grafana | >= 11.3.0 < 11.3.3 | 11.3.3 |
| github.com | grafana_grafana | >= 11.4.0 < 11.4.1 | 11.4.1 |
| grafana | grafana | >= 10.4.0 < 10.4.15 | 10.4.15 |
| grafana | grafana | >= 11.1.0 < 11.1.11 | 11.1.11 |
| grafana | grafana | >= 11.2.0 < 11.2.6 | 11.2.6 |
| grafana | grafana | >= 11.3.0 < 11.3.3 | 11.3.3 |
| grafana | grafana | >= 11.4.0 < 11.4.1 | 11.4.1 |
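CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| osv | | 4.3 | MEDIUM | |
| vendor_redhat | | 4.3 | MEDIUM | |
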
OSV
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana
osv·2025-02-04
CVE-2024-11741 Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/grafana/grafana before v10.4.15, from v11.0.0 before v11.0.11, from v11.1.0 before v11.1.11, from v11.2.0 before v11.2.6, from v11.3.0 before v11.3.3, from v11.4.0 before v11.4.1.
GHSA
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission
ghsa·2025-01-31
CVE-2024-11741 [MEDIUM] CWE-200 Grafana Alerting VictorOps integration could be exposed to users with Viewer permission
OSV
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission
osv·2025-01-31
CVE-2024-11741 [MEDIUM] Grafana Alerting VictorOps integration could be exposed to users with Viewer permission
OSV
CVE-2024-11741: Grafana is an open-source platform for monitoring and observability
osv·2025-01-31·CVSS 4.3
CVE-2024-11741 [MEDIUM] CVE-2024-11741: Grafana is an open-source platform for monitoring and observability
Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15
Red Hat
grafana: From CVEorg collector
vendor_redhat·2025-01-31·CVSS 4.3
CVE-2024-11741 [MEDIUM] CWE-200 grafana: From CVEorg collector
A flaw was found in the Grafana Alerting VictorOps integration: it is not properly protected and could be exposed to users with Viewer permission.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: grafana (Red Hat Enterprise Linux 10) - Fix deferred
Package: grafana (Red Hat Enterprise Linux 8
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-01-31