Infinity Datasource Plugin for Grafana Vulnerability Exposes Data to Attackers
CVE-2025-8341
What is CVE-2025-8341?
The Infinity datasource plugin for Grafana is designed to facilitate data visualization from multiple endpoints including JSON, CSV, XML, GraphQL, and HTML. However, a configuration flaw allows attackers to bypass restrictions meant to limit data source URLs. By crafting a specially formatted URL, an attacker could gain unauthorized access to sensitive data. This issue has been addressed in version 3.4.1, emphasizing the need for users to update their installations promptly to mitigate risks associated with unauthorized data exposure.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
grafana-infinity-datasource 0.6.0 < 3.4.1
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved