461 matches found
Missing Authorization
Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Missing Authorization via the /explore endpoint due to a missing authorization check. An attacker can obtain sensitive metadata about datasources by...
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...
CVE-2025-55675
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...
CVE-2025-55675
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...
CVE-2025-55675 Apache Superset: Incorrect datasource authorization on REST API
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...
PT-2025-33274 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 5.0.0 Description: Apache Superset contains an improper access control issue in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do...
GO-2025-3843 Grafana Infinity Datasource Plugin SSRF Vulnerability in github.com/grafana/grafana-infinity-datasource
Grafana Infinity Datasource Plugin SSRF Vulnerability in github.com/grafana/grafana-infinity-datasource...
The vulnerability of the visualization plugin for the Infinity Datasource platform used in Grafana monitoring and observation systems stems from server-side request manipulation. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Infinity Datasource plugin for the Grafana monitoring and observation platform relates to server-side request manipulation. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2025-8341
A flaw was found in github.com/grafana/grafana-infinity-datasource. The Infinity datasource plugin incorrectly handles configuration when restricted to certain data sources, allowing an attacker to potentially trigger an out-of-bounds read. This vulnerability allows a remote attacker to manipulat...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URL validation process. An attacker can access internal or otherwise restricted resources by submitting a specially crafted URL that bypasses configured allowlists. Remediation Upgrade...
Grafana Infinity Datasource Plugin SSRF Vulnerability
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...
CVE-2025-8341
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...
CVE-2025-8341
CVE-2025-8341 concerns the Grafana Infinity Datasource Plugin. The connected documents describe an SSRF-type issue where, if the plugin’s allowlist is misused, an attacker could bypass URL restrictions and trigger server-side requests to unintended resources. The vulnerability is tied to the plug...
CVE-2025-8341 SSRF in Infinity Datasource Plugin
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...
CVE-2025-8341 SSRF in Infinity Datasource Plugin
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...
SSRF in Infinity Datasource Plugin
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...
PT-2025-31801 · Grafana · Infinity Datasource Plugin +1
Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 3.4.1 Description: Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML...
cloud-init security update
23.4-7.0.2.el810.10 - Fixes regression in cloud-init with module ccwritefilesdeferred Orabug: 37382965 - Update IPv6 IMDS endpoint to ULA and drop NIC identifier Orabug: 35965980 - Enable IPv6 Orabug: 36502414 - Added missing services in rhel/systemd/cloud-init.service Orabug: 32183938 - Increase...
Malicious code in grafana-amazonprometheus-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7359e2541c67fe090610ee101544e2e2da0fc6232b1fff166f71c0bd3c1f0e6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grafana-strava-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c38acd1154b6064c05313534795a57d0d6e586cc8ebd1a6a353b4ccaa3b27465 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...