CVE-2025-3717
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-11
Assigner: Grafana Labs
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| grafana | snowflake_datasource_plugin | 1.5.0 |
| grafana | snowflake_datasource_plugin | 1.14.1 |
| grafana | snowflake_datasource_plugin | 1.14.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-653 | The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Grafana Snowflake Datasource Plugin when OAuth passthrough is enabled and multiple users use the same datasource simultaneously on a single Grafana instance. Under those conditions the plugin can use the wrong user identifier for a request, potentially returning information to a user who is not authorized to see it.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized information disclosure, where a user might see data belonging to another user due to incorrect user identification in the datasource plugin.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Grafana Snowflake Datasource Plugin to version 1.14.1 or later; versions from 1.5.0 up to, but not including, 1.14.1 are affected. Until the update is applied, consider disabling OAuth passthrough on the datasource if multiple users share the same datasource on a single Grafana instance.