Information disclosure in Grafana Alerting
CVE-2025-12141
In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Write…
Vulnerability class: Information Disclosure
EPSS: 0.001 (20.6th percentile) — read the EPSS interpretation.
Affected products
- Grafana Alerting — versions 8.0.0