CVE-2025-41116
Description
When using the Grafana Databricks Datasource Plugin, if OAuth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being used, and information for which the viewer is not authorized being returned. This issue affects Grafana Databricks Datasource Plugin: from 1.6.0 before 1.12.0.
Related Vulnerabilities
When using the Grafana Snowflake Datasource Plugin, if OAuth passthrough is enabled on the datasource, and multiple users are using …
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write …
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attackers to compromise network security by …
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network …
lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in …