FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- DingDing contact points exposed in Grafana Alerting

Affected packages
grafana < 10.4.19+security-01
11.0.0 <= grafana < 11.2.10+security-01
11.3.0 <= grafana < 11.3.7+security-01
11.4.0 <= grafana < 11.4.5+security-01
11.5.0 <= grafana < 11.5.5+security-01
11.6.0 <= grafana < 11.6.2+security-01
12.0.0 <= grafana < 12.0.1+security-01
8.0.0 <= grafana8
9.0.0 <= grafana9

Details

VuXML ID: 6548cb01-4c33-11f0-8a97-6c3be5272acd
Discovery: 2025-04-05
Entry: 2025-06-18

Grafana Labs reports:

An incident occurred where the DingDing alerting integration URL was inadvertently exposed to viewers due to a setting oversight, which we learned about through a bug bounty report.

The CVSS 3.0 score for this vulnerability is 4.3 (Medium).

References

CVE Name: CVE-2025-3415
URL: https://grafana.com/blog/2025/06/13/grafana-security-update-medium-severity-security-release-for-cve-2025-3415/