CVE-2023-5122

Name of the Vulnerable Software and Affected Versions Grafana (affected versions not specified)

Description The issue concerns the CSV datasource plugin, a Grafana Labs maintained plugin for Grafana, which allows retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin is configured to send requests to a bare host with no path, requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in a Server-Side Request Forgery (SSRF) vector.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.