A vulnerability exists in the Grafana Alerting DingDing integration, which was not adequately secured. This flaw allows exposure of the integration URL to users with Viewer permissions. The issue has been addressed in Grafana versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01, and 12.0.1+security-01.
Exploitation of this vulnerability could lead to unauthorized exposure of the DingDing integration URL to users with Viewer permissions.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
