Grafana CSV Datasource Plugin Vulnerability
CVE-2023-5122

5.3MEDIUM

Key Information:

Vendor: Grafana
Status: Grafana-csv-datasource
Vendor: CVE Published:; 14 February 2024

Summary

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. https://www.example.com/ https://www.example.com/` ), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in an SSRF vector. AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

Affected Version(s)

grafana-csv-datasource 0.0.0 < 0.6.13

References

https://grafana.com/security/security-advisories/cve-2023...

https://security.netapp.com/advisory/ntap-20240503-0002/

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Sep 22, 2023