1 results (0.008 seconds)
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5123 – Improper Path Sanitization in JSON Datasource Plugin
https://notcve.org/view.php?id=CVE-2023-5123
14 Feb 2024 — The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configur... • https://grafana.com/security/security-advisories/cve-2023-5123 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •