Grafana Alerting DingDing Integration Improper Authorization Vulnerability

Vulnerability

A vulnerability allowing unauthorized access to Grafana Alerting DingDing integration has been identified. This issue arises from improper authorization, which could expose sensitive information to users with Viewer permissions. The vulnerability is present in Grafana versions prior to 11.6.2 and has been fixed in several subsequent releases. The issue specifically affects the administrative user interface for log management, not the Incoming Goods Suite user interface.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information within the Grafana Alerting DingDing integration, allowing users with Viewer permissions to access data they should not be privy to.

Remediation

Users are strongly recommended to upgrade to Grafana versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 or 12.0.1+security-01.
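One way to check a list of Grafana instances against the fixed builds named above (an added example, not Grafana's own code). It assumes later patch releases and release lines after 12.0 keep the fix, and it marks a plain build at the fixed patch level for manual review because only the +security-01 builds are listed here; the instance names are constructed.

```python
import re

# Fixed builds from the Remediation section, keyed by release line (major, minor).
# Value = (patch level, security build number).
FIXED = {
    (10, 4): (19, 1), (11, 2): (10, 1), (11, 3): (7, 1), (11, 4): (5, 1),
    (11, 5): (5, 1), (11, 6): (2, 1), (12, 0): (1, 1),
}

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:\+security-(\d+))?(?:[-+].*)?$")


def parse(version):
    """Return (major, minor, patch, security_build); security_build is 0 if absent."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {version!r}")
    major, minor, patch, sec = m.groups()
    return int(major), int(minor), int(patch), int(sec or 0)


def assess(version):
    """Classify a version string as 'patched', 'review' or 'upgrade'."""
    major, minor, patch, sec = parse(version)
    line = (major, minor)
    if line in FIXED:
        fixed_patch, fixed_sec = FIXED[line]
        if patch > fixed_patch:
            return "patched"  # assumption: later patch releases keep the fix
        if patch == fixed_patch:
            # Only the +security build is listed as fixed; a plain build needs a manual check.
            return "patched" if sec >= fixed_sec else "review"
        return "upgrade"
    if line > max(FIXED):
        return "patched"      # assumption: release lines after 12.0 include the fix
    return "upgrade"          # older or unlisted line: no fixed build is listed for it


def triage(inventory):
    """Map each instance name to its status, leaving out instances already patched."""
    return {name: assess(v) for name, v in inventory.items() if assess(v) != "patched"}


# Constructed sample inventory (hypothetical instance names).
SAMPLE = {"grafana-prod": "11.6.2+security-01", "grafana-dev": "v11.5.4", "grafana-lab": "11.6.2"}

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(name, status)
```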

Added: Jan 15, 2026, 2:37 PM
Updated: Jan 15, 2026, 2:37 PM

Vulnerability Rating

Custom Algorithm
spread: 6.2
impact: 2.5
exploitability: 5.2
remediation: 7.9
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.