CVE-2025-8341
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-8341
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8341.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-8341
- Aliases
- Published
- 2025-08-04T09:15:26Z
- Modified
- 2025-08-11T18:14:50.887830Z
- Summary
- [none]
- Details
-
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints.
If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.
- References
Affected packages
Git / github.com/grafana/grafana-infinity-datasource
Affected ranges
- Type
- GIT
- Repo
- https://github.com/grafana/grafana-infinity-datasource
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.0.0-x
v0.*
v0.6.0
v0.6.0-alpha1
v0.6.0-alpha10
v0.6.0-alpha2
v0.6.0-alpha3
v0.6.0-alpha4
v0.6.0-alpha5
v0.6.0-alpha6
v0.6.0-alpha7
v0.6.0-alpha8
v0.6.0-alpha9
v0.6.1
v0.7.0
v0.7.1
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.66209fb222281817bb562228395e3af06b40cebec
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.0-beta.1
v0.8.0-beta.2
v0.8.0-dev.10
v0.8.0-dev.4
v0.8.0-dev.6
v0.8.0-dev.7
v0.8.0-dev.8
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v1.*
v1.0.0
v1.0.0-beta.1
v1.0.0-beta.2
v1.0.0-dev.1
v1.0.0-dev.2
v1.0.0-dev.3
v1.0.0-dev.4
v1.0.0-dev.5
v1.0.1
v1.1.0
v1.2.0
v1.3.0
v1.4.0
v1.4.1
v2.*
v2.0.0
v2.1.0
v2.11.2
v2.12.1
v2.12.2
v2.2.0
v2.2.1
v2.3.0
v2.5.0
v2.7.0
v2.7.1
v3.*
v3.0.0
v3.0.0-beta.1
v3.0.0-beta.2
v3.1.0
v3.2.0
v3.2.1
v3.2.2
v3.3.0
v3.4.0