Fluid Attacks Database

Description

Grafana Alerting VictorOps integration could be exposed to users with Viewer permission Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/grafana/grafana	=11.4.0 \|\| >=11.4.0 <11.4.1 \|\| >=11.3.0 <11.3.3 \|\| >=11.2.0 <11.2.6 \|\| >=11.1.0 <11.1.11 \|\| >=11.0.0 <11.0.11 \|\| >=1.9.2 <10.4.15 \|\| >=0 <0.0.0-20250129224826-70073427041e \|\| >=0.0.0 <1.9.2-0.20250129224826-70073427041e	11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11, 10.4.15, 0.0.0-20250129224826-70073427041e, 1.9.2-0.20250129224826-70073427041e
rpm rhel10	grafana	-	-
rpm rhel8	grafana	-	-
rpm rhel9	grafana	-	-

Aliases

1. CVE-2024-117412. NVD-2024-117413. OSV-2024-117414. GCVE-2024-11741

References

1. https://github.com/grafana/grafana/commit/70073427041e15c353e0d467b714527584765aea2. https://grafana.com/security/security-advisories/cve-2024-117413. https://pkg.go.dev/vuln/GO-2025-34384. https://security.netapp.com/advisory/ntap-20250509-0006