Grafana Infinity Datasource Plugin URL Restriction Bypass Vulnerability

Vulnerability

A vulnerability in the Grafana Infinity datasource plugin allows attackers to bypass URL restrictions. The plugin, which visualizes data from various endpoints, can be configured to allow only certain URLs. However, an attacker could bypass these restrictions by using a specially crafted URL. This issue affects versions of the Infinity datasource plugin prior to 3.4.1.

Impact

Exploitation of this vulnerability could lead to server-side request forgery (SSRF) attacks, allowing attackers to make requests to internal services or resources.

Remediation

Users can upgrade to Grafana Infinity Datasource Plugin version 3.4.1 or later to address this vulnerability.
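
For teams that maintain their own URL allowlist checks, the added example below contrasts a raw prefix comparison with a match on parsed URL components. It is not the plugin's code and does not describe how the plugin's check failed; `naiveAllowed`, `strictAllowed`, `origin` and the example.com URLs are hypothetical and constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// naiveAllowed is a weak pattern shown for contrast (assumed, not the plugin's logic).
func naiveAllowed(raw, allowed string) bool {
	return strings.HasPrefix(raw, allowed)
}

// origin returns lower-cased scheme://host:port with the default port made explicit.
func origin(u *url.URL) string {
	port := u.Port()
	if port == "" {
		port = map[string]string{"http": "80", "https": "443"}[strings.ToLower(u.Scheme)]
	}
	return strings.ToLower(u.Scheme + "://" + u.Hostname() + ":" + port)
}

// strictAllowed parses both URLs and compares scheme, host, port and whole path segments.
func strictAllowed(raw, allowed string) bool {
	u, err := url.Parse(raw)
	au, aerr := url.Parse(allowed)
	if err != nil || aerr != nil || u.User != nil || u.Hostname() == "" {
		return false // unparsable, embedded credentials, or no host: fail closed
	}
	if origin(u) != origin(au) {
		return false
	}
	base := strings.TrimSuffix(au.Path, "/")
	p := path.Clean("/" + u.Path) // resolve "." and ".." (also percent-encoded) before matching
	return base == "" || p == base || strings.HasPrefix(p, base+"/")
}

func main() {
	allowed := "https://api.example.com/v1" // constructed sample allowlist entry
	raw := "https://api.example.com/v10/x"  // constructed look-alike path, must be rejected
	fmt.Println(naiveAllowed(raw, allowed), strictAllowed(raw, allowed))
}
```

String validation of this kind does not cover HTTP redirects or hostnames that resolve to internal addresses; those need controls in the HTTP client and at the network layer.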

Added: Aug 4, 2025, 9:16 AM
Updated: Aug 4, 2025, 9:16 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.