
exploitDog

CVE-2025-8341

Published: 04 Aug 2025
Source: redhat
CVSS3: 5

Description

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.

A flaw was found in github.com/grafana/grafana-infinity-datasource. The Infinity datasource plugin incorrectly handles configuration when restricted to certain data sources, allowing an attacker to potentially trigger an out-of-bounds read. This vulnerability allows a remote attacker to manipulate program behavior through specially crafted data source configurations, which may result in potential application denial of service.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

Platform | Package | State | Recommendation | Release
Cryostat 4 | cryostat/cryostat-grafana-dashboard-rhel9 | Fix deferred | |

Additional information

Status: Moderate
Defect: CWE-918
https://bugzilla.redhat.com/show_bug.cgi?id=2386250 github.com/grafana/grafana-infinity-datasource: Grafana Infinity datasource plugin URL Bypass Vulnerability

5 Medium

CVSS3

Related vulnerabilities

CVSS3: 5
nvd
about 1 month ago

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.

CVSS3: 5
github
about 1 month ago

Grafana Infinity Datasource Plugin SSRF Vulnerability

CVSS3: 5
fstec
about 1 month ago

Vulnerability in the Infinity Datasource data visualization plugin of the Grafana monitoring and observability platform, related to server-side request forgery, allowing an attacker to gain unauthorized access to protected information
