Description
Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission.
Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2025-3415, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2025-3415 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.
References:
- http://webappsec.pbworks.com/Information-Leakage
- https://capec.mitre.org/data/definitions/116.html
- https://capec.mitre.org/data/definitions/13.html
- https://capec.mitre.org/data/definitions/169.html
- https://capec.mitre.org/data/definitions/22.html
- https://capec.mitre.org/data/definitions/224.html
- https://capec.mitre.org/data/definitions/285.html
- https://capec.mitre.org/data/definitions/287.html
- https://capec.mitre.org/data/definitions/290.html
- https://capec.mitre.org/data/definitions/291.html
- https://capec.mitre.org/data/definitions/292.html
- https://capec.mitre.org/data/definitions/293.html
- https://capec.mitre.org/data/definitions/294.html
- https://capec.mitre.org/data/definitions/295.html
- https://capec.mitre.org/data/definitions/296.html
- https://capec.mitre.org/data/definitions/297.html
- https://capec.mitre.org/data/definitions/298.html
- https://capec.mitre.org/data/definitions/299.html
- https://capec.mitre.org/data/definitions/300.html
- https://capec.mitre.org/data/definitions/301.html
- https://capec.mitre.org/data/definitions/302.html
- https://capec.mitre.org/data/definitions/303.html
- https://capec.mitre.org/data/definitions/304.html
- https://capec.mitre.org/data/definitions/305.html
- https://capec.mitre.org/data/definitions/306.html
- https://capec.mitre.org/data/definitions/307.html
- https://capec.mitre.org/data/definitions/308.html
- https://capec.mitre.org/data/definitions/309.html
- https://capec.mitre.org/data/definitions/310.html
- https://capec.mitre.org/data/definitions/312.html
- https://capec.mitre.org/data/definitions/313.html
- https://capec.mitre.org/data/definitions/317.html
- https://capec.mitre.org/data/definitions/318.html
- https://capec.mitre.org/data/definitions/319.html
- https://capec.mitre.org/data/definitions/320.html
- https://capec.mitre.org/data/definitions/321.html
- https://capec.mitre.org/data/definitions/322.html
- https://capec.mitre.org/data/definitions/323.html
- https://capec.mitre.org/data/definitions/324.html
- https://capec.mitre.org/data/definitions/325.html
- https://capec.mitre.org/data/definitions/326.html
- https://capec.mitre.org/data/definitions/327.html
- https://capec.mitre.org/data/definitions/328.html
- https://capec.mitre.org/data/definitions/329.html
- https://capec.mitre.org/data/definitions/330.html
- https://capec.mitre.org/data/definitions/472.html
- https://capec.mitre.org/data/definitions/497.html
- https://capec.mitre.org/data/definitions/508.html
- https://capec.mitre.org/data/definitions/573.html
- https://capec.mitre.org/data/definitions/574.html
- https://capec.mitre.org/data/definitions/575.html
- https://capec.mitre.org/data/definitions/576.html
- https://capec.mitre.org/data/definitions/577.html
- https://capec.mitre.org/data/definitions/59.html
- https://capec.mitre.org/data/definitions/60.html
- https://capec.mitre.org/data/definitions/616.html
- https://capec.mitre.org/data/definitions/643.html
- https://capec.mitre.org/data/definitions/646.html
- https://capec.mitre.org/data/definitions/651.html
- https://capec.mitre.org/data/definitions/79.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-3415