Grafana Alerting
cpe:2.3:a:grafana:grafana_alerting:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Grafana (7564912d-bb81-50cf-9eb9-f573ac2fa519) |
|---|---|
| Product | Grafana Alerting (39bf5819-f415-55be-8a0a-1f586cb59ade) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-12141 | vulnerable | 2026-06-03 14:58:43.878601 | Grafana Alerting Editors can edit destination of webhooks they did not create<br>In Grafana's alerting system, users with edit permissions for a contact point (specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test”, which are granted as part of the fixed role "Contact Point Writer", itself part of the basic role Editor) can edit contact points created by other users and modify the endpoint URL to point to a server they control. By invoking the test functionality, attackers can capture and extract redacted secure settings, such as authentication credentials for third-party services (e.g., Slack tokens). This leads to unauthorized access and potential compromise of external integrations.<br>Published: 2026-04-15T14:59:41.317Z<br>Updated: 2026-04-15T18:45:53.672Z | Imported from gcve-enriched-dumps CVE data |