SSRF in CSV Datasource Plugin
Issue Details: CVE-2023-5122
Date Published: February 14, 2024
Description:
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. https://www.example.com/), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user.
This issue has been patched in plugin version 0.6.13.