Grafana 6.7.4 and 7.0.2 released with important security fix
Blog post from Grafana Labs
Grafana has released versions 6.7.4 and 7.0.2 to fix a critical vulnerability affecting all versions from 3.0.1 through 7.0.1: a server-side request forgery (SSRF) that requires no authentication, allowing unauthenticated users to make HTTP requests through Grafana and potentially expose information about the internal network. The issue was reported on May 14, 2020, and assigned CVE-2020-13379. The same flaw can also be used for denial of service, because an invalid URL object causes Grafana to crash with a segmentation fault.

To mitigate the vulnerability, users should upgrade to one of the patched versions or block access to the vulnerable avatar feature. Grafana Cloud instances and Enterprise customers received the update under embargo. Grafana asks that security vulnerabilities be reported to its designated security email address, provides a PGP key for encrypted reports, and maintains a Security Announcements section with updates and remediation details.
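The affected range quoted above hides a triage pitfall: 6.7.4 sits numerically inside 3.0.1 through 7.0.1 yet is a patched release, so a plain range comparison misclassifies it. The following Python helper is an added example, not code from the Grafana post; it classifies a Grafana version against CVE-2020-13379 per release branch and assumes the version string is read from Grafana's `/api/health` JSON, an endpoint the page itself does not mention.

```python
import json
import re
from typing import Optional, Tuple

# Range quoted in the advisory: 3.0.1 through 7.0.1 are affected.
FIRST_AFFECTED = (3, 0, 1)
LAST_AFFECTED = (7, 0, 1)
# Patch level at which each release branch received the fix (6.7.4 and 7.0.2);
# later patch releases on the same branch inherit it.
FIXED_PATCH_BY_BRANCH = {(6, 7): 4, (7, 0): 2}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from strings such as '7.0.1', 'v6.7.4'
    or '7.0.2-beta1'; pre-release and build suffixes are ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if this Grafana version is vulnerable to CVE-2020-13379.

    The per-branch fix table is consulted before the range test so that
    6.7.4 (inside the numeric range, but patched) is reported as fixed.
    """
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    branch, patch = v[:2], v[2]
    fixed_patch = FIXED_PATCH_BY_BRANCH.get(branch)
    if fixed_patch is not None and patch >= fixed_patch:
        return False
    return FIRST_AFFECTED <= v <= LAST_AFFECTED


def version_from_health(health_json: str) -> str:
    """Extract the version field from a Grafana /api/health response body."""
    return json.loads(health_json)["version"]


# Constructed sample of an /api/health body (not captured from a real host).
SAMPLE_HEALTH = '{"commit": "0000000", "database": "ok", "version": "7.0.1"}'

if __name__ == "__main__":
    v = version_from_health(SAMPLE_HEALTH)
    print(v, "affected" if is_affected(v) else "not affected")
```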