CVE-2025-8341

Sažetak

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.

Reference

https://github.com/grafana/grafana-infinity-datasource/releases/tag/v3.4.1
https://grafana.com/security/security-advisories/cve-2025-8341/

CVSS

Base:	5.0
Impact:	1.4
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Zadnje važnije ažuriranje

04-08-2025 - 15:06

Objavljeno

04-08-2025 - 09:15