Mon, 02 Jun 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Mon, 02 Jun 2025 10:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in Grafana. This vulnerability allows users with Viewer or Editor roles to access or modify dashboards without proper permissions. | A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dashboards/folders regardless of permissions - Editors can view/edit/delete all dashboards/folders regardless of permissions - Editors can create dashboards in any folder regardless of permissions - Anonymous users with viewer/editor roles are similarly affected Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources. |
Weaknesses | CWE-863 | |
References | | |
Metrics | cvssV3_1 | cvssV3_1 |
Tue, 29 Apr 2025 06:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A flaw was found in Grafana. This vulnerability allows users with Viewer or Editor roles to access or modify dashboards without proper permissions. |
Sat, 26 Apr 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | grafana: Unauthorized Dashboard Access in Grafana | |
Weaknesses | CWE-281 | |
References | | |
Metrics | threat_severity | cvssV3_1 |

Status: PUBLISHED
Assigner: GRAFANA
Published: 2025-06-02T10:06:39.039Z
Updated: 2025-06-02T12:14:34.036Z
Reserved: 2025-04-04T09:06:12.014Z
Link: CVE-2025-3260

Updated: 2025-06-02T12:14:21.279Z

Status: Awaiting Analysis
Published: 2025-06-02T10:15:21.740
Modified: 2025-06-02T17:32:17.397
Link: CVE-2025-3260
