{"bugzilla": {"description": "grafana: Unauthorized Dashboard Access in Grafana", "id": "2358556", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358556"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "status": "draft"}, "cwe": "CWE-281", "details": ["A flaw was found in Grafana. This vulnerability allows users with Viewer or Editor roles to access or modify dashboards without proper permissions."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-3260", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-25T13:02:53Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-3260\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-3260"], "statement": "This vulnerability is rated with an Important severity due to its ability to completely bypass role-based access controls, allowing users with VIEWER or EDITOR roles to access, modify, or delete dashboards regardless of permissions. \nThe impact is further amplified when anonymous authentication is enabled, where unauthenticated users can perform privileged actions, significantly increasing exposure. Although organization-level isolation remains intact, the failure to enforce dashboard-level permissions undermines core security guarantees. \n\nIt\u2019s important to note that this issue affects only Grafana version 11.6.0, which is not included in any Red Hat supported builds, and therefore Red Hat customers are not impacted.", "threat_severity": "Important"}