SSRF in Infinity Datasource Plugin

CVE Details

Basic Information

Title SSRF in Infinity Datasource Plugin
Type cve
Published 2025-08-04T08:34:50.669Z
Modified 2025-08-04T08:34:50.669Z

Product Information

Vendor Grafana
Product grafana-infinity-datasource
Version 0.6.0

CVSS Information

Base Score 5.0 (MEDIUM)
Vector String CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Analysis

AI Description A Server-Side Request Forgery (SSRF) vulnerability in the Infinity Datasource Plugin allows attackers to bypass URL restrictions. This is fixed in version 3.4.1.
AI Severity Medium
AI Vendor Grafana Labs
AI Product Infinity Datasource Plugin
AI Version 0.6.0

Affected Products

  • Grafana grafana-infinity-datasource 0.6.0

Additional Information

CWE List CWE-918
Source GRAFANA

Description

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints.

If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.
