SSRF in CSV Datasource Plugin

CVE ID: CVE-2023-5122

Date Published: February 14, 2024


Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g., requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user.

This issue has been patched in plugin version 0.6.13.