CVE-2024-11741
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana
CVSS 3.1: 4.3 (MEDIUM)
EPSS: 0.10%
Description
Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15.
How to fix CVE-2024-11741
To remediate CVE-2024-11741, upgrade the affected package to a fixed version below.
- Upgrade to 10.4.15 or later
- Upgrade to 11.4.1 or later
- No fix listed
Is CVE-2024-11741 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- >= 10.4.0, < 10.4.15, >= 11.1.0, < 11.5.0
- >= 11.4.0, < 11.4.1
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |