CVE-2025-8341 – github.com/grafana/grafana-infinity-datasource

Package

Manager: go
Name: github.com/grafana/grafana-infinity-datasource
Vulnerable Version: >=0 <1.4.2-0.20250731100004-9c736aa21b3a

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

EPSS: 0.00032 pctl0.07663

Details

Grafana Infinity Datasource Plugin SSRF Vulnerability Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.

Metadata

Created: 2025-08-04T09:30:28Z
Modified: 2025-08-04T20:25:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-3c93-92r7-j934/GHSA-3c93-92r7-j934.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-3c93-92r7-j934
Finding: F100
Auto approve: 1