Grafana Enterprise datasource network restrictions bypass

CVE ID: CVE-2023-4399

Date Published: October 12, 2023


Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts. However, the restriction can be bypassed used punycode encoding of the characters in the request address. Credits: leixiao of Syclover Security Team.