
We found results for “”
CVE-2025-8341
Good to know:

Date: August 4, 2025
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.
Severity Score
Related Resources (8)
Severity Score
Weakness Type (CWE)
Server-Side Request Forgery (SSRF)
CWE-918Top Fix

Upgrade Version
Upgrade to version github.com/grafana/grafana-infinity-datasource - v3.4.2;github.com/grafana/grafana-infinity-datasource - v1.4.2-0.20250731100004-9c736aa21b3a
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |