Grafana 5.4.5 and 6.3.4 Released with Important Security Fix
Blog post from Grafana Labs
Grafana has released versions 5.4.5 and 6.3.4 to address a significant security vulnerability, identified as CVE-2019-15043, which affects all versions from 2.0.0 to 6.3.3. The vulnerability allows unauthorized access to parts of the Grafana HTTP API, which could be used for denial-of-service attacks. The issue was reported on August 12, 2019, and after a thorough process of confirmation and patch development, the updated versions were released on August 29, 2019. Grafana Cloud instances have already been patched, and Grafana Enterprise customers have received updated binaries. Users running affected versions are advised to upgrade immediately. Grafana also maintains a Security Announcements category on its community site for updates and encourages reporting any vulnerabilities to [email protected].