logo

Database

Unauthorized access to screen In github.com/grafana/grafana

Description

Grafana's insecure DingDing Alert integration exposes sensitive information Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-34152. NVD-2025-34153. OSV-2025-34154. GCVE-2025-3415

References

1. https://github.com/grafana/grafana/commit/04111e9f2afd95ea3e5b01865cc29d3fc1198e712. https://github.com/grafana/grafana/commit/0adb869188fa2b9ae26efd424b94e17189538f293. https://github.com/grafana/grafana/commit/19c912476d4f7a81e8a3562668bc38f31b909e184. https://github.com/grafana/grafana/commit/4144c636d1a6d0b17fafcf7a2c40fa403542202a5. https://github.com/grafana/grafana/commit/4fc33647a8297d3a0aae04a5fcbac883ceb6a6556. https://github.com/grafana/grafana/commit/910eb1dd9e618014c6b1d2a99a431b99d4268c057. https://github.com/grafana/grafana/commit/91327938626c9426e481e6294850af7b61415c988. https://github.com/grafana/grafana/commit/a78de30720b4f33c88d0c1a973e693ebf38317179. https://grafana.com/security/security-advisories/cve-2025-341510. https://vulncheck.com/cve/CVE-2025-341511. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-3415.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.