GO-2025-3438
- Source
- https://pkg.go.dev/vuln/GO-2025-3438
- Import Source
- https://vuln.go.dev/ID/GO-2025-3438.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2025-3438
- Aliases
-
- BIT-grafana-2024-11741
- CVE-2024-11741
- GHSA-wxcc-2f3q-4h58
- Published
- 2025-02-04T22:06:11Z
- Modified
- 2025-02-04T22:42:02.888950Z
- Summary
- Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana
- Details
-
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/grafana/grafana before v10.4.15, from v11.0.0 before v11.0.11, from v11.1.0 before v11.1.11, from v11.2.0 before v11.2.6, from v11.3.0 before v11.3.3, from v11.4.0 before v11.4.1.
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2025-3438", "review_status": "UNREVIEWED" }- References
Affected packages
Go / github.com/grafana/grafana
Package
- Name
- github.com/grafana/grafana
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/grafana/grafana
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"custom_ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.4.15"
},
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.11"
},
{
"introduced": "11.1.0"
},
{
"fixed": "11.1.11"
},
{
"introduced": "11.2.0"
},
{
"fixed": "11.2.6"
},
{
"introduced": "11.3.0"
},
{
"fixed": "11.3.3"
},
{
"introduced": "11.4.0"
},
{
"fixed": "11.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}