CVE-2025-12141: CWE-200: Information Disclosure in Grafana Grafana Alerting
In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit contact points created by other users, modify the endpoint URL to a controlled server. By invoking the test functionality, attackers can capture and extract redacted secure settings, such as authentication credentials for third-party services (e.g., Slack tokens). This leads to unauthorized access and potential compromise of external integrations.
AI Analysis
Technical Summary
This vulnerability in Grafana Alerting (version 8.0.0) allows users with specific edit permissions (alert.notifications:write or alert.notifications.receivers:test) granted by the Contact Point Writer role to edit contact points created by other users. By changing the endpoint URL to a controlled server and invoking the test function, these users can capture redacted secure settings, including authentication credentials for third-party integrations such as Slack tokens. This results in unauthorized disclosure of sensitive information. The CVSS 4.0 base score is 1.3, reflecting low severity due to required privileges and limited impact. No vendor advisory or patch is currently available, and no known exploits have been reported.
Potential Impact
The vulnerability allows unauthorized disclosure of sensitive authentication credentials for third-party services integrated with Grafana Alerting. This could lead to unauthorized access or compromise of those external services. However, exploitation requires edit permissions on contact points, limiting the attacker scope. The low CVSS score indicates limited impact and low likelihood of widespread exploitation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict edit permissions on contact points to trusted users only to minimize risk. Monitor for updates from Grafana regarding patches or configuration changes that address this issue.
CVE-2025-12141: CWE-200: Information Disclosure in Grafana Grafana Alerting
Description
In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit contact points created by other users, modify the endpoint URL to a controlled server. By invoking the test functionality, attackers can capture and extract redacted secure settings, such as authentication credentials for third-party services (e.g., Slack tokens). This leads to unauthorized access and potential compromise of external integrations.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Grafana Alerting (version 8.0.0) allows users with specific edit permissions (alert.notifications:write or alert.notifications.receivers:test) granted by the Contact Point Writer role to edit contact points created by other users. By changing the endpoint URL to a controlled server and invoking the test function, these users can capture redacted secure settings, including authentication credentials for third-party integrations such as Slack tokens. This results in unauthorized disclosure of sensitive information. The CVSS 4.0 base score is 1.3, reflecting low severity due to required privileges and limited impact. No vendor advisory or patch is currently available, and no known exploits have been reported.
Potential Impact
The vulnerability allows unauthorized disclosure of sensitive authentication credentials for third-party services integrated with Grafana Alerting. This could lead to unauthorized access or compromise of those external services. However, exploitation requires edit permissions on contact points, limiting the attacker scope. The low CVSS score indicates limited impact and low likelihood of widespread exploitation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict edit permissions on contact points to trusted users only to minimize risk. Monitor for updates from Grafana regarding patches or configuration changes that address this issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GRAFANA
- Date Reserved
- 2025-10-24T07:07:00.941Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69dfaf6882d89c981f612b6c
Added to database: 4/15/2026, 3:31:52 PM
Last enriched: 4/15/2026, 3:47:43 PM
Last updated: 4/16/2026, 5:37:09 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.