CVE-2025-8341

CVE-2025-8341 concerns the Grafana Infinity Datasource Plugin. The connected documents describe an SSRF-type issue where, if the plugin’s allowlist is misused, an attacker could bypass URL restrictions and trigger server-side requests to unintended resources. The vulnerability is tied to the plug...

CVE-2025-8341 SSRF in Infinity Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

CVE-2025-8341 SSRF in Infinity Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

Grafana Infinity datasource plugin 安全漏洞

Grafana Infinity datasource plugin is an open source data access plugin for Grafana. A security vulnerability exists in Grafana Infinity datasource plugin versions prior to 3.4.1, which originates from URL restrictions that can be bypassed, potentially leading to remote attacks...

SSRF in Infinity Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

PT-2025-31801 · Grafana · Infinity Datasource Plugin +1

Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 3.4.1 Description: Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML...

CVE-2024-33850

Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...

CVE-2023-37225

Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links...

CVE-2022-26656

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join...

CVE-2022-25357

Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference call join if it has a lock but not a PIN...

CVE-2022-23228

Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service...

CVE-2022-32263

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719...

CVE-2022-29286

Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling...

CVE-2022-27930

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed...

CVE-2022-27935

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth...

CVE-2022-27931

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol...

CVE-2022-27934

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP...

CVE-2022-26657

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join...

CVE-2022-27929

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP...

CVE-2021-42555

Pexip Infinity before 26.2 allows temporary remote Denial of Service abort because of missing call-setup input validation...