Unrated severityNVD Advisory· Published Feb 14, 2024· Updated Feb 13, 2025

SSRF in CSV Datasource Plugin

CVE-2023-5122

Description

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. https://www.example.com/ https://www.example.com/` ), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in an SSRF vector. AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Grafana/Grafanallm-fuzzy
Grafana/Databricks Datasource Pluginllm-fuzzy
osv-coords
pkg:bitnami/grafana
Range: < 0.6.13
Grafana/Grafana Infinity Datasourcecpe-rescue
Range: 0.0.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000