CVE-2024-11741: Grafana Alerting VictorOps integration could be exposed to users with Viewer permission

January 31, 2025 (updated May 9, 2025)

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15

References

github.com/advisories/GHSA-wxcc-2f3q-4h58
github.com/grafana/grafana
grafana.com/security/security-advisories/cve-2024-11741
nvd.nist.gov/vuln/detail/CVE-2024-11741
pkg.go.dev/vuln/GO-2025-3438
security.netapp.com/advisory/ntap-20250509-0006

Code Behaviors & Features

Detect and mitigate CVE-2024-11741 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →