Improper Input Validation

github.com/grafana/grafana-infinity-datasource is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of allowed URL restrictions, which allows an attacker to bypass configured URL checks using a specially crafted URL...

GO-2025-3843 Grafana Infinity Datasource Plugin SSRF Vulnerability in github.com/grafana/grafana-infinity-datasource

Grafana Infinity Datasource Plugin SSRF Vulnerability in github.com/grafana/grafana-infinity-datasource...

The vulnerability of the visualization plugin for the Infinity Datasource platform used in Grafana monitoring and observation systems stems from server-side request manipulation. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Infinity Datasource plugin for the Grafana monitoring and observation platform relates to server-side request manipulation. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVE-2025-8341

A flaw was found in github.com/grafana/grafana-infinity-datasource. The Infinity datasource plugin incorrectly handles configuration when restricted to certain data sources, allowing an attacker to potentially trigger an out-of-bounds read. This vulnerability allows a remote attacker to manipulat...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URL validation process. An attacker can access internal or otherwise restricted resources by submitting a specially crafted URL that bypasses configured allowlists. Remediation Upgrade...

Grafana Infinity Datasource Plugin SSRF Vulnerability

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

CVE-2025-8341

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

CVE-2025-8341

CVE-2025-8341 concerns the Grafana Infinity Datasource Plugin. The connected documents describe an SSRF-type issue where, if the plugin’s allowlist is misused, an attacker could bypass URL restrictions and trigger server-side requests to unintended resources. The vulnerability is tied to the plug...

CVE-2025-8341 SSRF in Infinity Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

CVE-2025-8341 SSRF in Infinity Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

SSRF in Infinity Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

PT-2025-31801 · Grafana · Infinity Datasource Plugin +1

Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 3.4.1 Description: Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML...