AVG-2884 log
| Package | grafana |
| Status | Vulnerable |
| Severity | Medium |
| Type | multiple issues |
| Affected | 11.6.1-1 |
| Fixed | Unknown |
| Current | 12.3.0-1 [extra] |
| Ticket | Create |
| Created | Sat May 24 04:32:07 2025 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2025-3454 | Medium | Yes | Access restriction bypass | A vulnerability was found in Grafana's data source proxy API, which allows authorization checks to be bypassed by adding an extra slash character in the URL... |
| CVE-2025-2703 | Medium | Yes | Cross-site scripting | A DOM-based Cross-site scripting vulnerability exists in Grafana's built-in XY Chart plugin. This flaw allows an attacker with editor- level privileges to... |