Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2023-4399

Grafana is an open-source platform for monitoring and observability.

In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts.

However, the restriction can be bypassed used punycode encoding of the characters in the request address.

  • Published: Oct 17, 2023
  • Updated: May 4, 2025
  • CVE: CVE-2023-4399
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.2
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Software From Fixed in
grafana / grafana 10.1.0 10.1.5
grafana / grafana 10.0.0 10.0.9
grafana / grafana 9.5.0 9.5.13
grafana / grafana 9.4.0 9.4.17