cbcvebase.
CVE-2024-11741
published 2025-01-31

Priority: P421 (medium)
CVSS 3.1: 4.3, AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.37% (28.6th percentile)

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15.

Affected

13 ranges
Vendor | Product | Version range | Fixed in
github.com | grafana_grafana | >= 0 < 0.0.0-20250129224826-70073427041e | 0.0.0-20250129224826-70073427041e
github.com | grafana_grafana | >= 0.0.0 < 1.9.2-0.20250129224826-70073427041e | 1.9.2-0.20250129224826-70073427041e
github.com | grafana_grafana | >= 1.9.2 < 10.4.15 | 10.4.15
github.com | grafana_grafana | >= 11.0.0 < 11.0.11 | 11.0.11
github.com | grafana_grafana | >= 11.1.0 < 11.1.11 | 11.1.11
github.com | grafana_grafana | >= 11.2.0 < 11.2.6 | 11.2.6
github.com | grafana_grafana | >= 11.3.0 < 11.3.3 | 11.3.3
github.com | grafana_grafana | >= 11.4.0 < 11.4.1 | 11.4.1
grafana | grafana | >= 10.4.0 < 10.4.15 | 10.4.15
grafana | grafana | >= 11.1.0 < 11.1.11 | 11.1.11
grafana | grafana | >= 11.2.0 < 11.2.6 | 11.2.6
grafana | grafana | >= 11.3.0 < 11.3.3 | 11.3.3
grafana | grafana | >= 11.4.0 < 11.4.1 | 11.4.1

CVSS provenance

nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
osv | 4.3 | MEDIUM
vendor_redhat | 4.3 | MEDIUM