CNNVD-202511-999 Information

Nov 11, 2025 cve

CNNVD ID

CNNVD-202511-999

CVE-2025-3717

  • CNNVD Published: 2025-11-11

Description (Chinese)

Grafana Snowflake Datasource Plugin是Grafana开源的一款数据库连接插件。 Grafana Snowflake Datasource Plugin 1.5.0版本至1.14.1之前版本存在安全漏洞,该漏洞源于Oauth passthrough启用时用户标识符使用错误,可能导致返回未授权信息。

Description (English)

Grafana Snowflake Datasource Plugin is an open-source database connection plugin for Grafana. There is a security loophole in the previous versions of Grafana Snowflake Datasource Plugin 1.5.0 to 1.1.4.1, which stems from the error in the use of user identifiers when Outlook is enabled and may lead to the return of unauthorized information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Grafana

Published

2025-11-11

Last Modified

2026-02-24

References

https://grafana.com/security/security-advisories/cve-2025-3717/ https://vigilance.fr/vulnerability/Grafana-information-disclosure-via-Snowflake-Datasource-48741 https://access.redhat.com/security/cve/cve-2025-3717

Share on: