CVE-2025-3454

high

Description

Grafana Labs reports: This vulnerability, which was discovered while reviewing a pull request from an external contributor, effects Grafana’s data source proxy API and allows authorization checks to be bypassed by adding an extra slash character (/) in the URL path. Among Grafana-maintained data sources, the vulnerability only affects the read paths of Prometheus (all flavors) and Alertmanager when configured with basic authorization. The CVSS score for this vulnerability is 5.0 MEDIUM.

Details

Source: Mitre, NVD

Published: 2025-04-24

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

Detections

Analytics