{"id":"GHSA-wxcc-2f3q-4h58","summary":"Grafana Alerting VictorOps integration could be exposed to users with Viewer permission","details":"Grafana is an open-source platform for monitoring and observability. \nThe Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. \nFixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15","aliases":["BIT-grafana-2024-11741","CVE-2024-11741","GO-2025-3438"],"modified":"2026-02-04T03:37:22.964104Z","published":"2025-01-31T18:31:07Z","related":["CGA-9c44-3qj7-gfhp"],"database_specific":{"github_reviewed":true,"severity":"MODERATE","nvd_published_at":"2025-01-31T16:15:30Z","github_reviewed_at":"2025-01-31T21:06:23Z","cwe_ids":["CWE-200"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-11741"},{"type":"WEB","url":"https://github.com/grafana/grafana/commit/70073427041e15c353e0d467b714527584765aea"},{"type":"PACKAGE","url":"https://github.com/grafana/grafana"},{"type":"WEB","url":"https://grafana.com/security/security-advisories/cve-2024-11741"},{"type":"WEB","url":"https://pkg.go.dev/vuln/GO-2025-3438"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20250509-0006"}],"affected":[{"package":{"name":"github.com/grafana/grafana","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/grafana"},"ranges":[{"type":"SEMVER","events":[{"introduced":"11.4.0"},{"fixed":"11.4.1"}]}],"versions":["11.4.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"}},{"package":{"name":"github.com/grafana/grafana","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/grafana"},"ranges":[{"type":"SEMVER","events":[{"introduced":"11.3.0"},{"fixed":"11.3.3"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"}},{"package":{"name":"github.com/grafana/grafana","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/grafana"},"ranges":[{"type":"SEMVER","events":[{"introduced":"11.2.0"},{"fixed":"11.2.6"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"}},{"package":{"name":"github.com/grafana/grafana","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/grafana"},"ranges":[{"type":"SEMVER","events":[{"introduced":"11.1.0"},{"fixed":"11.1.11"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"}},{"package":{"name":"github.com/grafana/grafana","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/grafana"},"ranges":[{"type":"SEMVER","events":[{"introduced":"11.0.0"},{"fixed":"11.0.11"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"}},{"package":{"name":"github.com/grafana/grafana","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/grafana"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.9.2"},{"fixed":"10.4.15"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"}},{"package":{"name":"github.com/grafana/grafana","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/grafana"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20250129224826-70073427041e"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"}},{"package":{"name":"github.com/grafana/grafana","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/grafana"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0"},{"fixed":"1.9.2-0.20250129224826-70073427041e"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-wxcc-2f3q-4h58/GHSA-wxcc-2f3q-4h58.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}