CVE-2024-11741 — Sensitive Information Exposure in Grafana

CWE-200 — Sensitive Information Exposure7 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 71.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Grafana Github.com Grafana Grafana

Timeline

PublishedJan 31

Latest updateFeb 4

Description

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5grafana/grafana11.4.0 — 11.4.1+4

▶Gogithub.com/grafana_grafana11.4.0 — 11.4.1+7

🔴Vulnerability Details

OSV

Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana↗2025-02-04

▶

CVEList

CVE-2024-11741: Grafana is an open-source platform for monitoring and observability↗2025-01-31

▶

GHSA

Grafana Alerting VictorOps integration could be exposed to users with Viewer permission↗2025-01-31

▶

OSV

Grafana Alerting VictorOps integration could be exposed to users with Viewer permission↗2025-01-31

▶

OSV

CVE-2024-11741: Grafana is an open-source platform for monitoring and observability↗2025-01-31

▶

📋Vendor Advisories

Red Hat

grafana: From CVEorg collector↗2025-01-31

▶