{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T11:31:32.416","vulnerabilities":[{"cve":{"id":"CVE-2025-8341","sourceIdentifier":"security@grafana.com","published":"2025-08-04T09:15:26.103","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints.\n\n\nIf the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1."},{"lang":"es","value":"Grafana es una plataforma de código abierto para la monitorización y la observabilidad. El complemento de origen de datos Infinity, mantenido por Grafana Labs, permite visualizar datos desde endpoints JSON, CSV, XML, GraphQL y HTML. Si el complemento estuviera configurado para permitir solo ciertas URL, un atacante podría eludir esta restricción utilizando una URL especialmente manipulado. Esta vulnerabilidad se ha corregido en la versión 3.4.1."}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/grafana/grafana-infinity-datasource/releases/tag/v3.4.1","source":"security@grafana.com"},{"url":"https://grafana.com/security/security-advisories/cve-2025-8341/","source":"security@grafana.com"}]}}]}