| Advisory ID: | CVE-2025-3717 |
| Published: | 2025-11-11 |
| Product: | Grafana Snowflake Datasource plugin |
| CVSS Score: | 2.1 |
| CVSS Vector: | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N |
| Fixed Versions: | 1.14.1 |
Summary
Grafana is an open-source platform for monitoring and observability. The Grafana-Snowflake-Datasource is a plugin that allows Grafana to visualize data from Snowflake.
Versions between 1.5.0 and 1.14.0 are vulnerable to a bug that occurs when OAuth passthrough is enabled and multiple users are using the same datasource at the same time on a single Grafana instance. The bug could result in the wrong user identifier being used, and in information for which the viewer is not authorized being returned.
This has the same root cause as CVE-2025-41116.
