CVE-2025-41116 | THREATINT

Description

When using the Grafana Databricks Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being used, and information for which the viewer is not authorized being returned. This issue affects Grafana Databricks Datasource Plugin: from 1.6.0 before 1.12.0

PUBLISHED Reserved 2025-04-16 | Published 2025-11-11 | Updated 2025-11-19 | Assigner GRAFANA

LOW: 2.1CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Problem types

CWE-653

Product status

Default status

unaffected

1.6.0 (semver) before 1.12.1

affected

References

grafana.com/security/security-advisories/cve-2025-41116/

cve.org (CVE-2025-41116)

nvd.nist.gov (CVE-2025-41116)

Download JSON