CVE-2023-5123

8.0 HIGH

📋 TL;DR

The JSON datasource plugin for Grafana has a path traversal vulnerability that allows authenticated users to query arbitrary endpoints on the configured remote server. This affects Grafana instances using the vulnerable plugin version, potentially allowing data exposure or privilege escalation if the plugin points to the Grafana instance itself.
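The flaw described above is a containment failure: a query path such as `../api/...` is joined onto the configured datasource URL without checking that the result still lies under it. The following is an added illustration of that check (not code from the plugin or from Grafana; the base URL and query paths are constructed sample values), written as a Go function like a Grafana backend plugin would use:

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"strings"
)

// ErrEscapesBase is returned when a query path would resolve outside the
// configured datasource URL.
var ErrEscapesBase = errors.New("query path escapes configured base URL")

// ResolveQueryPath joins a user-supplied query path onto the datasource's
// configured base URL and rejects any result that leaves the base path.
// Hypothetical helper: it illustrates the class of check, not the plugin's own code.
func ResolveQueryPath(baseURL, queryPath string) (string, error) {
	base, err := url.Parse(baseURL)
	if err != nil {
		return "", err
	}
	// Decode percent-encoding first so "%2e%2e/" is treated as "../".
	decoded, err := url.PathUnescape(queryPath)
	if err != nil {
		return "", err
	}
	basePath := path.Clean("/" + strings.TrimSuffix(base.Path, "/"))
	// path.Clean applies any "../" sequences; the result must still be the
	// base path itself or a descendant of it.
	joined := path.Clean(basePath + "/" + decoded)
	prefix := basePath
	if prefix != "/" {
		prefix += "/"
	}
	if joined != basePath && !strings.HasPrefix(joined, prefix) {
		return "", ErrEscapesBase
	}
	resolved := *base
	resolved.Path = joined
	return resolved.String(), nil
}

func main() {
	for _, q := range []string{"metrics/cpu", "../api/admin/users", "%2e%2e/api/org"} {
		u, err := ResolveQueryPath("http://data.internal:3000/public/", q)
		fmt.Printf("%-20s -> %s %v\n", q, u, err)
	}
}
```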

💻 Affected Systems

Products:
  • Grafana JSON datasource plugin (marcusolsson-json-datasource)
Versions: All versions before 1.5.0
Operating Systems: All platforms running Grafana
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when the plugin is installed and configured with a remote endpoint. The plugin is not installed by default.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator credentials could be used to access Grafana administrative APIs, leading to full system compromise and privilege escalation.

🟠

Likely Case

Unauthorized access to internal APIs or data sources on the configured remote endpoint, potentially exposing sensitive information.

🟢

If Mitigated

Limited to accessing only authorized sub-paths on properly configured endpoints with network segmentation.

🌐 Internet-Facing: MEDIUM - Requires authenticated Grafana user access and specific plugin configuration.
🏢 Internal Only: HIGH - Internal users with editor permissions can exploit this to access unauthorized internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated Grafana user with dashboard editing permissions. Exploitation involves crafting dashboard queries with path traversal sequences.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.0

Vendor Advisory: https://grafana.com/security/security-advisories/cve-2023-5123/

Restart Required: Yes

Instructions:

1. Update the JSON datasource plugin to version 1.5.0 or later via Grafana's plugin management interface.
2. Restart the Grafana service.
3. Verify the plugin version in Grafana's plugin administration page.

🔧 Temporary Workarounds

Disable or remove the plugin (Platform: all)

Uninstall the vulnerable JSON datasource plugin if not required:

grafana-cli plugins remove marcusolsson-json-datasource

Restrict dashboard editing permissions (Platform: all)

Limit dashboard creation/editing to trusted administrators only.

🧯 If You Can't Patch

  • Configure the plugin to point only to trusted, isolated endpoints with no sensitive APIs
  • Implement network segmentation to prevent the plugin from accessing internal administrative endpoints

🔍 How to Verify

Check if Vulnerable:

Check installed plugin version in Grafana admin interface under Plugins > Installed plugins. Look for marcusolsson-json-datasource version below 1.5.0.

Check Version:

grafana-cli plugins ls | grep json-datasource

Verify Fix Applied:

Confirm plugin version is 1.5.0 or higher in Grafana's plugin administration page.

📡 Detection & Monitoring

Log Indicators:

  • Unusual API requests from Grafana to unexpected endpoints
  • Path traversal sequences (../) in datasource queries

Network Indicators:

  • Grafana instance making requests to administrative endpoints it shouldn't access
  • Requests bypassing configured sub-path restrictions

SIEM Query:

source="grafana" AND (url="*../*" OR (destination_port="3000" AND path!="/api/datasources/*"))
