Primary

Context

Grafana Alerting VictorOps Integration Vulnerability Allowing Information Disclosure

Vulnerability

Patched

A vulnerability exists in the Grafana Alerting VictorOps integration, where improper protection could expose sensitive information to users with Viewer permission. This issue is present in Grafana versions prior to 11.5.0, as well as in versions 11.4.0, 11.3.0, 11.2.0, 11.1.0, 11.0.0, and 10.4.0.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of sensitive information.

Remediation

Users can upgrade to Grafana versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11, or 10.4.15 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Grafana Alerting VictorOps Integration Vulnerability Allowing Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

Grafana

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating