PT-2025-46531 · Grafana · Grafana Snowflake Datasource Plugin
Published
2025-11-11
·
Updated
2025-11-11
·
CVE-2025-3717
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Grafana Snowflake Datasource Plugin versions 1.5.0 through 1.14.0
Description
The Grafana Snowflake Datasource Plugin contains a flaw where, with Oauth passthrough enabled, concurrent use by multiple users on a single Grafana instance can lead to the incorrect user identifier being used. This can result in unauthorized information disclosure, as users may access data they are not permitted to view.
Recommendations
Update to a version later than 1.14.0.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Grafana Snowflake Datasource Plugin